General
-
Target
a3deba7d625a14037d438b8e23d569f42111693edb4276baf6cb001c469f5652
-
Size
5.9MB
-
Sample
230129-ts986seh4w
-
MD5
a611f8e7ebb0309b34bc6550c3c82557
-
SHA1
ffc61b9568a53357a66545886d06a7bbd235b31b
-
SHA256
a3deba7d625a14037d438b8e23d569f42111693edb4276baf6cb001c469f5652
-
SHA512
b2e11a60dc8d6d6ebdaa74c1fc7407cab98feb1aadfea745af5bf83275ed4f18e6eef51eb6ea8e9b56a6cd9db3eb8ebbc42bb19e4074f330bdad9d67b821d576
-
SSDEEP
98304:/N2TDX+KRTPV9LvsnU+nvha2xVLZ9Cp2+I1zAEIR0JHxDMaXG/DOFvUvZ7Ct0iMO:lIDXVRTPAnXnZB0p2+IAAHxDMikGcZ7u
Malware Config
Extracted
danabot
1765
3
192.236.146.203:443
192.3.26.98:443
192.236.162.42:443
192.161.48.5:443
-
embedded_hash
B2585F6479280F48B64C99F950BBF36D
-
type
main
Targets
-
-
Target
a3deba7d625a14037d438b8e23d569f42111693edb4276baf6cb001c469f5652
-
Size
5.9MB
-
MD5
a611f8e7ebb0309b34bc6550c3c82557
-
SHA1
ffc61b9568a53357a66545886d06a7bbd235b31b
-
SHA256
a3deba7d625a14037d438b8e23d569f42111693edb4276baf6cb001c469f5652
-
SHA512
b2e11a60dc8d6d6ebdaa74c1fc7407cab98feb1aadfea745af5bf83275ed4f18e6eef51eb6ea8e9b56a6cd9db3eb8ebbc42bb19e4074f330bdad9d67b821d576
-
SSDEEP
98304:/N2TDX+KRTPV9LvsnU+nvha2xVLZ9Cp2+I1zAEIR0JHxDMaXG/DOFvUvZ7Ct0iMO:lIDXVRTPAnXnZB0p2+IAAHxDMikGcZ7u
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-