Deobfuscating DanaBot’s API Hashing
SHA256 at bottom of article
#danabot #malware #deobfuscation #obfuscation #apihashing #malware analysis #reverseengineering #windows #trojan #pefile #peformat #bankingtrojan #reversing #cybersecurity #itsec #blogging
malwareandstuff.com/deobfuscating-…
#RigEK -> #SmokeLoader -> #danabot + #SystemBC + #KPOT + #Predator + #Quasar RAT + #HVNC + #SmokeLoader + Unknown malwares...
app.any.run/tasks/03749e15…
#RigEK -> #SmokeLoader -> #Danabot + #SystemBC + #Vidar (v13.1) + #Quasar RAT + #CrySis Ransomware + #Predator + #SmokeLoader
app.any.run/tasks/086e4aa9…
#Danabot source url still active
urlhaus.abuse.ch/url/363052/
Xls and Dll samples
app.any.run/tasks/73149b24…
MalwareHunterTeam Vitali Kremez James JayTHL Arkbird
The list of the 10 most popular financial malware of 2021 was as follows:
* Zbot,
* CliptoShuffler,
* SpyEye,
* Trickster,
* RTM,
* Nimnul,
* Danabot,
* Cridet,
* Nymaim and
* Neurevt
#siberguvenlik #cybersecurity #finance #finans
#danabot dealers switched again to #brushaloader with a new trick to hide the dropurl (see image)
#brushaloader c2: https://traderserviceinfo[.]info
Certego Anna Miaśkiewicz Kafeine Andrea De Pasquale JAMESWT