General
-
Target
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwi--Jm-17qMAxWCmYMHHQwHJjIYABADGgJlZg&co=1&gclid=CjwKCAjwwLO_BhB2EiwAx2e-32kQLcfFNTItEmNPREX50gmIyx-Z7yGQNWYFpTH8fYzqfdblIeA_WBoCxzQQAvD_BwE&ei=j-DtZ9n8FvWmptQPx43wwQ8&ohost=www.google.com&cid=CAESVeD2UQd7Umjo-XHqsJ9cyPx1wc_UIY0HlY4QzSlWOZ6KHpRF_uh9nVZp5PKtRQFrI7ZW_VxRDbXnjd_c9Ux5b8dH88oL3gQENhhxXfac3ZrYhOoz6uM&sig=AOD64_1GGwJRh6ev0ObO5gmlAhs1AG758Q&q&sqi=2&adurl&ved=2ahUKEwiZgI--17qMAxV1k4kEHccGPPgQ0Qx6BAgKEAE
-
Sample
250403-bk36sawxht
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Resource
win10v2004-20250313-en
Malware Config
Extracted
danabot
-
Danabot family
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
-