Severity
High
Analysis Summary
DanaBot is a persistent, continuously evolving threat that has circulated in the wild since 2018. It was originally marketed as a malware-as-a-service (MaaS) offering focused on banking fraud and data theft, and it has grown more advanced and complex over time. DanaBot is a high-risk trojan that infiltrates a system and collects a variety of sensitive data. Its developers distribute it through spam email campaigns: users receive unsolicited emails with false content that encourages them to open attached MS Office documents, and when those attachments are opened, DanaBot is silently downloaded and installed.
This Trojan is distributed through infected email attachments, malicious online advertisements, social engineering, and software cracks.
Impact
- Credential Theft
- Identity Theft
- Data Exfiltration
- Information Theft
Indicators of Compromise
MD5
f146a2e9f1600d43739ca4a21dbf9932
807fc3c4cee4afeac7db058f7f26530a
e19da1fe4fca9fdc1e6ba086b648ea38
59d52cf860eb87111c62c83e508c1fff
7dd99b6f70d89e05e65c424035f77412
SHA-256
5a5c1960d0c9cffd61582b40f5810046db2dbc0e3e49e4d57eedc6db7ddcfdab
f87600e4df299d51337d0751bcf9f07966282be0a43bfa3fd237bf50471a981e
99d08905abfef2eb9546f8ccc1c2ffe2f5d5fd057dd6f262c1103f8463bd5473
a489b6d09e31f5e15f6ef396579e30fa0714b01864c39e0cfc87680b88359b38
a63ce5bb501c1cb6961562e246ae2b194a33d97c1aeeb3fda4162531bd79927d
SHA1
e2ba05c1ae11300ce0c27cafb80eb173817bbba5
f03eedfd45aa93fa147c4f7ae85cd643ce34f5c4
d4b0801e71b9f6d9c2bccf48a0fff73c12f06fa4
a85ed3e39a67902e9b1f292f972d6d4ae6538121
1285c85d3b133fea3f5f5cff8847e72d2bf6cb53
Remediation
- Block all threat indicators at your respective controls.
- Search your environment for these indicators of compromise (IOCs) using your respective security controls.
- Never trust or open links and attachments received from unknown sources or senders.
- Maintain cyber hygiene by keeping anti-virus software up to date and implementing a patch management lifecycle.
- Patch and upgrade all platforms and software promptly, and make this a standard security policy. Prioritize patching known exploited vulnerabilities and zero-days.
- Enable antivirus and anti-malware software and update signature definitions promptly. Multi-layered protection is necessary to secure vulnerable assets.
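One way to carry out the IoC search recommended above, as an added example that is not part of this advisory or its authors' tooling: a Python script that walks a directory, hashes each file once with MD5, SHA1 and SHA-256, and reports any file whose digest appears in the hash lists published above. The hash values are copied from the advisory; the directory path given on the command line is an assumed example, and the in-memory sample bytes used for checking are constructed. The `match_hash` helper also lets a single hash taken from a log, ticket or EDR alert be checked regardless of case or which list it belongs to.

```python
"""Hash files under a directory and check them against the DanaBot IoC lists above."""
import argparse
import hashlib
import os
from pathlib import Path
from typing import Dict, Iterator, List, Optional, Set, Tuple

# File-hash IoCs copied from the advisory, normalized to lowercase hex.
IOCS: Dict[str, Set[str]] = {
    "md5": {
        "f146a2e9f1600d43739ca4a21dbf9932",
        "807fc3c4cee4afeac7db058f7f26530a",
        "e19da1fe4fca9fdc1e6ba086b648ea38",
        "59d52cf860eb87111c62c83e508c1fff",
        "7dd99b6f70d89e05e65c424035f77412",
    },
    "sha1": {
        "e2ba05c1ae11300ce0c27cafb80eb173817bbba5",
        "f03eedfd45aa93fa147c4f7ae85cd643ce34f5c4",
        "d4b0801e71b9f6d9c2bccf48a0fff73c12f06fa4",
        "a85ed3e39a67902e9b1f292f972d6d4ae6538121",
        "1285c85d3b133fea3f5f5cff8847e72d2bf6cb53",
    },
    "sha256": {
        "5a5c1960d0c9cffd61582b40f5810046db2dbc0e3e49e4d57eedc6db7ddcfdab",
        "f87600e4df299d51337d0751bcf9f07966282be0a43bfa3fd237bf50471a981e",
        "99d08905abfef2eb9546f8ccc1c2ffe2f5d5fd057dd6f262c1103f8463bd5473",
        "a489b6d09e31f5e15f6ef396579e30fa0714b01864c39e0cfc87680b88359b38",
        "a63ce5bb501c1cb6961562e246ae2b194a33d97c1aeeb3fda4162531bd79927d",
    },
}

# The hex digest length identifies the algorithm, so a hash pasted from a log
# or ticket can be checked without knowing which list it belongs to.
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}


def match_hash(digest: str) -> Optional[str]:
    """Return the algorithm name if `digest` (any case, surrounding whitespace
    tolerated) is one of the listed IoCs, otherwise None."""
    h = digest.strip().lower()
    algo = HEX_LEN_TO_ALGO.get(len(h))
    if algo is None or h not in IOCS[algo]:
        return None
    return algo


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute all three digests of an in-memory blob (e.g. a mail attachment)."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOCS}


def hash_file(path: Path, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Compute md5, sha1 and sha256 in a single pass, reading in chunks so a
    large file is never loaded into memory at once."""
    hashers = {name: hashlib.new(name) for name in IOCS}
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def find_matches(digests: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return every (algorithm, digest) pair from `digests` that is a listed IoC."""
    return sorted((algo, d) for algo, d in digests.items() if d in IOCS.get(algo, set()))


def scan_tree(root: Path) -> Iterator[Tuple[Path, str, str]]:
    """Yield (path, algorithm, digest) for each file under `root` that matches an IoC."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            p = Path(dirpath) / name
            try:
                digests = hash_file(p)
            except OSError:
                continue  # unreadable or locked file: skip it rather than abort the scan
            for algo, digest in find_matches(digests):
                yield p, algo, digest


if __name__ == "__main__":
    parser = argparse.ArgumentParser(description="Scan a directory for DanaBot file-hash IoCs.")
    parser.add_argument("root", type=Path, help="directory to scan (assumed example path)")
    args = parser.parse_args()
    hits = list(scan_tree(args.root))
    for path, algo, digest in hits:
        print(f"MATCH {algo} {digest} {path}")
    print(f"{len(hits)} match(es) found under {args.root}")
```

Run it as `python danabot_ioc_scan.py /path/to/scan` (assumed script name and path). Files the scanning account cannot read are skipped silently, so run it with sufficient privileges or log the skips if completeness matters. Hash IoCs only catch the exact samples listed: a recompiled or repacked build will not match, so a clean scan lowers but does not eliminate the likelihood of infection and should be paired with the other controls above.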