Extracted

• • Target

    DHL_06052019_00330134265324053041.vbs

  • Size

    1.5MB

  • MD5

    92ecf80bc725fa74181d95ac0838e868

  • SHA1

    7f799efa6d6cb3cfe194d5ca6b046839bf5f2a14

  • SHA256

    d0d6b5440599fb7f047c0f2c933f2291c308d8c755d03d50097d7509005898f0

  • SHA512

    9e00078a0e70f5f7bf5042d9ca3639facc495e8337a05912b0c10ab0b9d6bc7efcd8fcde7f9a313f833f71593eadab642211403449558e0027d52695ef8754ce

  • SSDEEP

    3072:bEBy+XzeuINWCVuvRNZ0/8eywuFgT1Nk0g4gvVuctC76l/ahL/rk1yuJaXXn/kd3:WUIPbDXs10xh

  Score

  10^/10

  danabotbankerbotnettrojan

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Danabot x86 payload

    Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    botnet

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  behavioral1behavioral2