General
-
Target
f9e5fcab34a2ac4c2bcf7b36bc919e2038cbabf0aafd4acf09d2d00931463a0c
-
Size
4.4MB
-
Sample
220708-kd957abdf9
-
MD5
1d6d646d01b87e06b898395434b9679a
-
SHA1
c733010b69392264dfb3a379f2f4cf431d022193
-
SHA256
f9e5fcab34a2ac4c2bcf7b36bc919e2038cbabf0aafd4acf09d2d00931463a0c
-
SHA512
bc5459e9d4e011b37bbd58822706583bd0943d45bbb6a4e86d202cd18b4126d95d424250a0cb3a65be602864b7d58d4d8a688fc0a6462fd5a9cb70888d1fae87
Malware Config
Extracted
danabot
1732
3
192.236.192.238:443
78.138.98.136:443
193.34.167.163:443
167.114.188.34:443
-
embedded_hash
5FBA665BCC1CE0BDFE0B6AA0C06626F6
-
type
main
Targets
-
-
Target
f9e5fcab34a2ac4c2bcf7b36bc919e2038cbabf0aafd4acf09d2d00931463a0c
-
Size
4.4MB
-
MD5
1d6d646d01b87e06b898395434b9679a
-
SHA1
c733010b69392264dfb3a379f2f4cf431d022193
-
SHA256
f9e5fcab34a2ac4c2bcf7b36bc919e2038cbabf0aafd4acf09d2d00931463a0c
-
SHA512
bc5459e9d4e011b37bbd58822706583bd0943d45bbb6a4e86d202cd18b4126d95d424250a0cb3a65be602864b7d58d4d8a688fc0a6462fd5a9cb70888d1fae87
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-