DanaBot
Description
(Fortinet) It is a modular banking Trojan that has been historically linked to combining operations with other malware operators, such as those behind Gootkit. Other modules associated with DanaBot include remote desktop through VNC, information stealing, and keylogging. While it appears that this recent attack may be looking to establish a foothold in the network, the reasons behind this are currently unknown.
Names
| Name |
|---|
| DanaBot |
Category
Malware
Type
- Banking trojan
- Keylogger
- Credential stealer
- Info stealer
Information
- https://www.fortinet.com/blog/threat-research/breakdown-of-a-targeted-danabot-attack.html
- https://0ffset.wordpress.com/2018/06/05/post-0x08-analyzing-danabot-downloader/
- https://www.proofpoint.com/us/threat-insight/post/danabot-gains-popularity-and-targets-us-organizations-large-campaigns
- https://asert.arbornetworks.com/danabots-travels-a-global-perspective/
- https://www.welivesecurity.com/2018/09/21/danabot-targeting-europe-adds-new-features/
- https://www.proofpoint.com/us/threat-insight/post/danabot-new-banking-trojan-surfaces-down-under-0
- https://www.proofpoint.com/us/threat-insight/post/danabot-control-panel-revealed
- https://www.trustwave.com/Resources/SpiderLabs-Blog/DanaBot-Riding-Fake-MYOB-Invoice-Emails/
- https://www.welivesecurity.com/2018/12/06/danabot-evolves-beyond-banking-trojan-new-spam/
- https://www.welivesecurity.com/2019/02/07/danabot-updated-new-cc-communication/
- https://blog.yoroi.company/research/dissecting-the-danabot-paylaod-targeting-italy/
- https://www.proofpoint.com/us/blog/threat-insight/new-year-new-version-danabot
- https://www.zscaler.com/blogs/security-research/danableed-danabot-c2-server-memory-leak-bug
Malpedia
Alienvault Otx
Other Information
Uuid
1e2a3277-3948-4f60-8a32-e9b9757f9330
Last Card Change
2025-06-28