DanaBot - A new banking Trojan surfaces Down Under | Proofpoint US
Tags
| country: | Australia Germany Italy United Kingdom |
| maec-delivery-vectors: | Watering Hole |
| attack-pattern: | Data Javascript - T1059.007 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Server - T1583.004 Server - T1584.004 Vnc - T1021.005 Powershell - T1086 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | b27c0afe-7523-44b1-b558-2312ff65d225 |
| Fingerprint | 3c3c2c394c3d2299 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 31, 2018, 9:45 p.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | DanaBot - A new banking Trojan surfaces Down Under |
| Title | DanaBot - A new banking Trojan surfaces Down Under | Proofpoint US |
| Detected Hints/Tags/Attributes | 83/3/94 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | users.tpg.com.au |
|
| Details | Domain | 1 | bbc.lumpens.org |
|
| Details | Domain | 1 | ftp.netregistry.net |
|
| Details | Domain | 1 | 0987346-23764.zip |
|
| Details | Domain | 1 | members.giftera.org |
|
| Details | Domain | 4 | adnxs.com |
|
| Details | Domain | 198 | youtube.com |
|
| Details | Domain | 15 | outlook.live.com |
|
| Details | Domain | 4 | clientservices.googleapis.com |
|
| Details | Domain | 7 | clients4.google.com |
|
| Details | Domain | 54 | connect.facebook.net |
|
| Details | Domain | 22 | mozilla.org |
|
| Details | Domain | 6 | mozilla.com |
|
| Details | Domain | 1 | syndication.twitter.com |
|
| Details | Domain | 1 | cws.conviva.com |
|
| Details | Domain | 4 | api.segment.io |
|
| Details | Domain | 2 | as-sec.casalemedia.com |
|
| Details | Domain | 1 | yunify.chicoryapp.com |
|
| Details | Domain | 1 | beacons.gcp.gvt2.com |
|
| Details | Domain | 330 | facebook.com |
|
| Details | Domain | 5 | mc.yandex.ru |
|
| Details | Domain | 1 | api.logmatic.io |
|
| Details | Domain | 1 | sot3.mavenhut.com |
|
| Details | Domain | 1 | erlang.simcase.ru |
|
| Details | Domain | 6 | sentry.io |
|
| Details | Domain | 1 | dsn.algolia.net |
|
| Details | Domain | 5 | urs.microsoft.com |
|
| Details | Domain | 69 | paypal.com |
|
| Details | Domain | 25 | netflix.com |
|
| Details | Domain | 1 | update.fbsbx.com |
|
| Details | Domain | 1 | cybertonica.com |
|
| Details | Domain | 1 | webmail.subwayadmin.com.au |
|
| Details | Domain | 1 | email.telstra.com |
|
| Details | Domain | 18 | googleapis.com |
|
| Details | Domain | 26 | outlook.office365.com |
|
| Details | Domain | 12 | outlook.office.com |
|
| Details | Domain | 49 | mail.google.com |
|
| Details | Domain | 3 | client-channel.google.com |
|
| Details | Domain | 5 | bam.nr-data.net |
|
| Details | Domain | 1 | browser.pipe.aria.microsoft.com |
|
| Details | Domain | 1 | client-s.gateway.messenger.live.com |
|
| Details | Domain | 3 | notifications.google.com |
|
| Details | Domain | 707 | google.com |
|
| Details | Domain | 94 | bing.com |
|
| Details | Domain | 1 | bidder.criteo.com |
|
| Details | Domain | 3 | demdex.net |
|
| Details | Domain | 1 | insights.hotjar.com |
|
| Details | Domain | 1 | nexus-long-poller-b.intercom.io |
|
| Details | Domain | 51 | icloud.com |
|
| Details | Domain | 3 | acexedge.com |
|
| Details | Domain | 1 | vid-io.springserve.com |
|
| Details | Domain | 1 | vuws.westernsydney.edu.au |
|
| Details | Domain | 3 | my.commbank.com.au |
|
| Details | Domain | 1 | dep.properfunds.org |
|
| Details | Domain | 2 | my.commbiz.commbank.com.au |
|
| Details | Domain | 1 | marinersnorth.com.au |
|
| Details | 1 | gxrhrgby7@ftp.netregistry.net |
||
| Details | 1 | mbsx5347@marinersnorth.com.au |
||
| Details | File | 1 | account+statement_mon752018.doc |
|
| Details | File | 1 | txbdqjblvs.php |
|
| Details | File | 1 | statement_mon752018.doc |
|
| Details | File | 1 | 0987346-23764.zip |
|
| Details | File | 1 | whubcajpqg.php |
|
| Details | File | 6 | vncdll.dll |
|
| Details | File | 1 | stealerdll.dll |
|
| Details | File | 1 | proxydll.dll |
|
| Details | File | 1018 | rundll32.exe |
|
| Details | File | 2 | desktopscreen.bmp |
|
| Details | File | 1 | files-c.txt |
|
| Details | File | 207 | login.php |
|
| Details | File | 6 | api.log |
|
| Details | File | 3 | s.ace |
|
| Details | File | 1 | decent.exe |
|
| Details | File | 1 | karbowanec.exe |
|
| Details | File | 1 | arkclient.exe |
|
| Details | File | 6 | wallet.exe |
|
| Details | File | 1 | pascalcoinwallet.exe |
|
| Details | File | 1 | walletkeys.dat |
|
| Details | File | 96 | wallet.dat |
|
| Details | sha256 | 1 | 82c783d3c8055e68dcf674946625cfae864e74a973035a61925d33294684c6d4 |
|
| Details | sha256 | 1 | f60c6c45ff27d1733d8ab03393ab88e3a2d7c75c7d9fce3169417e8c9fd3df12 |
|
| Details | sha256 | 1 | a8a9a389e8da313f0ffcde75326784268cbe1447ce403c7d3a65465f32a1d858 |
|
| Details | sha256 | 1 | e59fdd99c210415e5097d9703bad950d38f448b3f98bb35f0bdc83ac2a41a60b |
|
| Details | sha256 | 1 | 78b0bd05b03a366b6fe05621d30ab529f0e82b02eef63b23fc7495e05038c55a |
|
| Details | sha256 | 1 | 6ece271a0088c88ed29f4b78eab00d0e7800da63757b79b6e6c3838f39aa7b69 |
|
| Details | IPv4 | 1 | 207.148.86.218 |
|
| Details | IPv4 | 1 | 144.202.61.204 |
|
| Details | IPv4 | 1 | 104.238.174.105 |
|
| Details | IPv4 | 1 | 5.188.231.229 |
|
| Details | Url | 1 | http://users.tpg.com.au/angelcorp2001/account+statement_mon752018.doc |
|
| Details | Url | 1 | http://bbc.lumpens.org/txbdqjblvs.php |
|
| Details | Url | 1 | ftp://kuku1770:gxrhrgby7@ftp.netregistry.net/0987346-23764.zip |
|
| Details | Url | 1 | http://members.giftera.org/whubcajpqg.php |
|
| Details | Url | 3 | https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler |