General
-
Target
05821ac6574f00468e14b701444a9d55efacee7c922d448611b4860dda82462c
-
Size
5.7MB
-
Sample
230129-wccdbahc8x
-
MD5
c539c4094f9a26c2a63b3e08c071e218
-
SHA1
cc00ac56935cd2aeff19c42ef53c6c04bafd02e2
-
SHA256
05821ac6574f00468e14b701444a9d55efacee7c922d448611b4860dda82462c
-
SHA512
79f5fd1104b9728d726930c2f62c7fcfd098ad047d2826bf2ef2a120164161e9a6dc9ec5eb875b557e063e23c349d128dd122ddae608a1e52b470568b8dc022c
-
SSDEEP
98304:feKdZFndLKkPcuiLGYoWMwHpdwt0JY/v7ejmRoY2KFwJ8PktujmGs64m:fZZVBcuiLPDqYFjm/FwJ8sP
Malware Config
Extracted
danabot
1765
3
192.236.162.42:443
152.89.247.114:443
192.3.26.98:443
192.236.146.203:443
-
embedded_hash
B2585F6479280F48B64C99F950BBF36D
-
type
main
Targets
-
-
Target
05821ac6574f00468e14b701444a9d55efacee7c922d448611b4860dda82462c
-
Size
5.7MB
-
MD5
c539c4094f9a26c2a63b3e08c071e218
-
SHA1
cc00ac56935cd2aeff19c42ef53c6c04bafd02e2
-
SHA256
05821ac6574f00468e14b701444a9d55efacee7c922d448611b4860dda82462c
-
SHA512
79f5fd1104b9728d726930c2f62c7fcfd098ad047d2826bf2ef2a120164161e9a6dc9ec5eb875b557e063e23c349d128dd122ddae608a1e52b470568b8dc022c
-
SSDEEP
98304:feKdZFndLKkPcuiLGYoWMwHpdwt0JY/v7ejmRoY2KFwJ8PktujmGs64m:fZZVBcuiLPDqYFjm/FwJ8sP
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Blocklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops desktop.ini file(s)
-