
Danabot ( Banking Trojan ) – Malware

June 2, 2023
Name: Danabot
Type of Malware: Banking Trojan
Location – Country of Origin: Russia. First seen in Australia
Date of initial activity: 2018
Motivation: Stolen banking information, passwords, identity theft, victim’s computer added to a botnet.
Attack Vectors: Infected email attachments, malicious online advertisements, social engineering, software cracks.
Targeted System: Windows

Overview

Danabot is a modular banking Trojan written in Delphi that targets the Windows platform. The malware, which was first observed in 2018, is distributed via malicious spam emails. From May 2018 to June 2020, DanaBot was a fixture in the crimeware threat landscape. Proofpoint researchers observed multiple threat actors with at least 12 affiliate IDs in version 2 and 38 IDs in version 3. These affiliate identifications (IDs) represent the threat actors the DanaBot operators serve. After June 2020, there was a sharp decline in DanaBot activity in Proofpoint’s data and in public threat intel repositories (e.g. MalwareBazaar and #DanaBot). It disappeared from the threat landscape without a clear cause.

Targets

Financial institutions predominantly located in the United States, Canada, Germany, United Kingdom, Australia, Italy, Poland, Mexico, and Ukraine.

Tools/ Techniques Used

Once a device is infected, the malware downloads updated configuration code and other modules from the C&C server. Available modules include a “sniffer” to intercept credentials, a “stealer” to steal passwords from popular applications, a “VNC” module for remote control, and more.

Impact / Significant Attacks

Large Software Supply Chain Attack (October 22, 2021).

Second Large Software Supply Chain Attack (November 4, 2021).

DDoS Attack on Russian Language Electronics Forum (October 2021)

Indicators of Compromise (IoCs)

