Rewterz Threat Alert – HawkEye Infostealer – Active IOCs
August 2, 2022Rewterz Threat Alert – Hancitor InfoStealer – Active IOCs
August 2, 2022Rewterz Threat Alert – HawkEye Infostealer – Active IOCs
August 2, 2022Rewterz Threat Alert – Hancitor InfoStealer – Active IOCs
August 2, 2022Severity
High
Analysis Summary
DanaBot is a persistent and ever-evolving threat that has been circulating in the wild since 2018. DanaBot was originally marketed as a Malware-as-a-Service (MaaS) offering primarily targeted banking fraud and data theft. It has, however, getting more advanced and intricate as time has progressed. DanaBot is a high-risk trojan-type malware that infiltrates the system and collects a variety of sensitive data. DanaBot is spread by developers through spam email campaigns. Users get unsolicited emails with false content encouraging them to open MS Office documents attached. When these attachments are accessed, DanaBot is secretly downloaded and installed. Infected email attachments, malicious online advertisements, social engineering, and software cracks are the distribution methods of this Trojan.
Impact
- Password & identity theft
- Data Exfiltration
- Information Theft
Indicators of Compromise
MD5
- e9ecf36cc7b73a25e65cb7ee91f9e66e
- 48d8f7bbb500af66baa765279ce58045
- e798ab9c8d4d575e3041dc3af9ef5bbb
SHA-256
- 2b92794e8da41b8ef61abad1197baf3bc398b3f1e369f07d021df6a1056828be
- db0d72bc7d10209f7fa354ec100d57abbb9fe2e57ce72789f5f88257c5d3ebd1
- d4e62e42a2bc392754692eb6be6b9af3c6ec61bc814b2505b6d5d6c74b2ee133
SHA-1
- 68c9d9eb68f69ffa1d81333345de8cab25bdce4a
- 2cdb5fdeee4e9c7bd2e5f744150521963487eb71
- 214668d782e9c7d37ea85e6eb63f58de5b32794b
Remediation
- Block all the threat indicators at your respective controls.
- Search for IOCs in your environment.