General
-
Target
241b9208268e2bece5fd7993ae3c4357cc1af154e061eb0191a9035127b6233d
-
Size
4.4MB
-
Sample
220708-ryj8tsgbg7
-
MD5
0c0299963a7f950f3adfa4e7a7ace018
-
SHA1
ff62c43734e72e5ded0c2bac2a9e24bf3eee408a
-
SHA256
241b9208268e2bece5fd7993ae3c4357cc1af154e061eb0191a9035127b6233d
-
SHA512
2cf1f59d37748e63f158b04815a2dbe83620c97c3cc1b04db5baa72657fb136eb240e48e65910170a5458427c4f639f762ba4dec1e299637eb5a769326b4a03d
Malware Config
Extracted
danabot
1732
3
108.62.141.152:443
23.106.123.249:443
192.241.101.68:443
108.62.118.103:443
-
embedded_hash
49574F66CD0103BBD725C08A9805C2BE
-
type
main
Targets
-
-
Target
241b9208268e2bece5fd7993ae3c4357cc1af154e061eb0191a9035127b6233d
-
Size
4.4MB
-
MD5
0c0299963a7f950f3adfa4e7a7ace018
-
SHA1
ff62c43734e72e5ded0c2bac2a9e24bf3eee408a
-
SHA256
241b9208268e2bece5fd7993ae3c4357cc1af154e061eb0191a9035127b6233d
-
SHA512
2cf1f59d37748e63f158b04815a2dbe83620c97c3cc1b04db5baa72657fb136eb240e48e65910170a5458427c4f639f762ba4dec1e299637eb5a769326b4a03d
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-