DanaBot (844417c6-a404-4c4e-8e93-84db596d725b)
DanaBot is a Trojan that includes banking-site web injections and stealer functions. It consists of a downloader component that downloads an encrypted file containing the main DLL. The DLL, in turn, connects over raw TCP to port 443 and downloads additional modules (i.e. VNCDLL.dll, StealerDLL.dll, ProxyDLL.dll).
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
DanaBot (4f7decd4-054b-4dd7-89cc-9bdb248f7c8a) | Malpedia | DanaBot (844417c6-a404-4c4e-8e93-84db596d725b) | Banker | 1 |