Extracted

• • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

  Score

  10^/10

  danabotbankerbootkitbotnetdiscoverymacromacro_on_actionpersistenceransomwaretrojanupx

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Danabot family

    danabot

  • Danabot x86 payload

    Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    botnet

  • Renames multiple (156) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Drops file in Drivers directory

  • Office macro that triggers on suspicious action

    Office document macro which triggers in special circumstances - often malicious.

    macromacro_on_action

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Legitimate hosting services abused for malware hosting/C2

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1