Extracted

• • Target

    allegato_852.js

  • Size

    5KB

  • MD5

    5d276660204e680b2fa68c6d7b77813c

  • SHA1

    be8d7755d4df6775a628ce60ecd1b5bbfbd35285

  • SHA256

    901e017b8d64592006b90698ebf02f818691b4763743a82f2fbbccca669549fe

  • SHA512

    eb56478eac14497d567b5289e3ec0b668f2e89cf1d14553e0b459f9c97b0fbd8ce077ba0a1d93f1248eabc8042c07d320faf7bc82f79146d982f61d875d0ca34

  • SSDEEP

    96:wtKixrcpUOWYVJ2qQKaYfxAbeDJiqRmArXtJT4fqG3p6DtkXSq1AVBVp5vpf047L:wtKiZcCOWY+74JimjjT4fqG3AtkXSqAp

  Score

  10^/10

  danabotbankercollectiondiscoveryspywarestealertrojan

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses Microsoft Outlook accounts

    collection

  • Accesses Microsoft Outlook profiles

    collection

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  behavioral1