DanaBot Malware Roars Back into Relevancy

silversurfer
Researchers are warning that a new fourth version of the DanaBot banking trojan has surfaced after months of mysteriously going quiet. The latest variant, still under analysis by researchers, is raising concerns given the number of effective past DanaBot campaigns.

From May 2018 to June 2020, DanaBot was a fixture in the crimeware threat landscape, according to Proofpoint, which first discovered the malware in 2018 and posted a debrief on the latest variant Tuesday.

“Starting in late October 2020, we observed a significant update to DanaBot samples appearing in VirusTotal,” wrote Dennis Schwarz, Axel F. and Brandon Murphy, in the collaborative Tuesday report. “While it has not returned to its former scale, DanaBot is malware that defenders should put back on their radar.”

In general, DanaBot’s multi-stage infection chain starts with a dropper that triggers a cascading evolution of hacks. These include stealing network requests, siphoning off application and service credentials, data exfiltration of sensitive information, ransomware infection, desktop screenshot spying and the dropping of a cryptominer to turn targeted PCs into cryptocurrency worker bees.

With its current analysis, Proofpoint focused on the specific technical changes within the malware’s “Main component.” That facet of the malware included anti-analysis features along with:
  • Some Windows API functions are resolved at run-time.
  • When a malware-related file is read or written to the filesystem, it is done in the middle of benign decoy file reads or writes.
  • Persistence is maintained by creating an LNK file that executes the main component in the user’s Startup directory.

LNK files (or Windows shortcut files) are files created by Windows automatically, whenever a user opens their files. These files are used by Windows for connecting a file type to a specific application used to view or edit digital content.
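
For triaging the Startup-folder LNK persistence described in the post, here is an added example (not part of the original post or of Proofpoint's report) that parses a shortcut per the MS-SHLLINK layout and flags ones whose target or arguments point into user-writable directories. The `SUSPECT_DIRS` heuristic, the function names and the sample shortcut are assumptions made for illustration; only the ANSI local base path is read.

```python
import struct

LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # MS-SHLLINK LinkCLSID
HAS_IDLIST, HAS_LINKINFO, HAS_ARGS, IS_UNICODE = 0x01, 0x02, 0x20, 0x80  # LinkFlags bits
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (HAS_ARGS, "arguments"), (0x40, "icon")]
# Assumed triage heuristic (not from the article): user-writable locations.
SUSPECT_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

def parse_lnk(data):
    """Return the local target path and StringData fields of a .lnk file."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, out = 76, {"target": ""}
    if flags & HAS_IDLIST:  # skip IDListSize + IDList
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    if flags & HAS_LINKINFO:
        size, _hdr, li_flags, _vol, base_off = struct.unpack_from("<5I", data, pos)
        if li_flags & 0x01:  # VolumeIDAndLocalBasePath: NUL-terminated ANSI path
            start = pos + base_off
            out["target"] = data[start:data.index(b"\x00", start)].decode("cp1252", "replace")
        pos += size
    enc, width = ("utf-16-le", 2) if flags & IS_UNICODE else ("cp1252", 1)
    for bit, field in STRING_FIELDS:  # counted strings, in this fixed order
        if flags & bit:
            nbytes = struct.unpack_from("<H", data, pos)[0] * width
            out[field] = data[pos + 2:pos + 2 + nbytes].decode(enc, "replace")
            pos += 2 + nbytes
    return out

def is_suspicious(link):
    """Check target AND arguments: the payload path may only be in the arguments."""
    cmd = (link["target"] + " " + link.get("arguments", "")).lower()
    return any(d in cmd for d in SUSPECT_DIRS)

def build_sample(target, arguments):
    """Constructed, simplified .lnk (no VolumeID, no IDList) for offline testing."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, HAS_LINKINFO | HAS_ARGS | IS_UNICODE) + bytes(52)
    base = target.encode("cp1252") + b"\x00"
    info = struct.pack("<7I", 28 + len(base) + 1, 28, 0x01, 0, 28, 0, 28 + len(base)) + base + b"\x00"
    return header + info + struct.pack("<H", len(arguments)) + arguments.encode("utf-16-le")

if __name__ == "__main__":
    # Constructed sample, not taken from a DanaBot infection.
    lnk = parse_lnk(build_sample("C:\\Windows\\System32\\rundll32.exe",
                                 "C:\\Users\\demo\\AppData\\Local\\example.dll,Start"))
    print(lnk, "suspicious:", is_suspicious(lnk))
```

On a live host the per-user shortcuts to feed into `parse_lnk` sit under `%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup`.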