General
-
Target
prod2.exe
-
Size
3.3MB
-
Sample
220713-pew26shae3
-
MD5
47a91df4426f807d660453e2efa26027
-
SHA1
1dfe200a28b8d77ad38e539d9244167f3163e50f
-
SHA256
5a887c05193d46c6ef71ea39ca0b764db4f717d5bc994c778c9d2676978f3483
-
SHA512
c0ae0c365d74fd4e88de76c7e54e183a5311bc261af24cd0322c497a09eaf6c5ab4abfd9e35efeff700ca3903f9dd24f50977f4857c605b0467e1121365d43b4
Malware Config
Extracted
danabot
100.0.0.0:5148
58.50.42.34:13886
26.18.10.2:5662
60.52.44.36:14400
-
embedded_hash
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
-
type
loader
Targets
-
-
Target
prod2.exe
-
Size
3.3MB
-
MD5
47a91df4426f807d660453e2efa26027
-
SHA1
1dfe200a28b8d77ad38e539d9244167f3163e50f
-
SHA256
5a887c05193d46c6ef71ea39ca0b764db4f717d5bc994c778c9d2676978f3483
-
SHA512
c0ae0c365d74fd4e88de76c7e54e183a5311bc261af24cd0322c497a09eaf6c5ab4abfd9e35efeff700ca3903f9dd24f50977f4857c605b0467e1121365d43b4
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-