
Rewterz Threat Alert – DanaBot Malware Resurfaces with new features

February 13, 2019

Analysis Summary

The DanaBot Trojan has been used in multiple malware campaigns across many countries. It has resurfaced with a new protocol for communicating with its C&C servers that encrypts traffic using the AES and RSA algorithms, rendering the existing network detection rules written for its C&C communications ineffective. A new loader has also been implemented that downloads the main module and all plugins to the victim system.

Impact
Malware Infection

Indicators of Compromise


IP(s) / Hostname(s)

  • 84[.]54[.]37[.]102
  • 89[.]144[.]25[.]243
  • 89[.]144[.]25[.]104
  • 178[.]209[.]51[.]211
  • 185[.]92[.]222[.]238
  • 192[.]71[.]249[.]51
  • 47[.]74[.]249[.]106
  • 95[.]179[.]227[.]160
  • 185[.]158[.]249[.]144

Malware Hash (SHA1)

  • 98C70361EA611BA33EE3A79816A88B2500ED7844
  • 0DF17562844B7A0A0170C9830921C3442D59C73C
  • B816E90E9B71C85539EA3BB897E4F234A0422F85
  • 5F085B19657D2511A89F3172B7887CE29FC70792
  • 4075375A08273E65C223116ECD2CEF903BA97B1E
  • 28139782562B0E4CAB7F7885ECA75DFCA5E1D570
  • B1FF7285B49F36FE8D65E7B896FCCDB1618EAA4B
  • 890B5473B419057F89802E0B6DA011B315F3EF94
  • E50A03D12DDAC6EA626718286650B9BB858B2E69
  • 9B0EC454401023DF6D3D4903735301BA669AADD1
  • DBFD8553C66275694FC4B32F9DF16ADEA74145E6
  • E0880DCFCB1724790DFEB7DFE01A5D54B33D80B6
  • 73A5B0BEE8C9FB4703A206608ED277A06AA1E384

Remediation

  • Block the listed IP addresses at the perimeter (firewall, proxy, DNS) and the listed file hashes in endpoint anti-virus/EDR. The indicators above are defanged; replace `[.]` with `.` before loading them into controls.
  • Because the new C&C protocol is encrypted with AES and RSA, do not rely on older DanaBot network signatures that matched the previous C&C traffic; alert on any connection to the listed addresses and on any execution of the listed hashes.
  • Keep anti-virus and other security software up to date.
  • Keep applications and operating systems updated with the latest security patches.
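The following is an added example, not part of the original advisory, showing how a SOC analyst can turn the indicators above into something usable: it refangs the published IPs, validates that every hash is a well-formed SHA-1 digest, emits a plain-text blocklist for a firewall external dynamic list, and sweeps log lines for matches. The log lines and their `key=value` format are constructed for illustration and are not from any real product.

```python
import ipaddress
import re

# Indicators copied from the advisory above, defanged exactly as published.
DEFANGED_IPS = [
    "84[.]54[.]37[.]102", "89[.]144[.]25[.]243", "89[.]144[.]25[.]104",
    "178[.]209[.]51[.]211", "185[.]92[.]222[.]238", "192[.]71[.]249[.]51",
    "47[.]74[.]249[.]106", "95[.]179[.]227[.]160", "185[.]158[.]249[.]144",
]
SHA1_HASHES = [
    "98C70361EA611BA33EE3A79816A88B2500ED7844", "0DF17562844B7A0A0170C9830921C3442D59C73C",
    "B816E90E9B71C85539EA3BB897E4F234A0422F85", "5F085B19657D2511A89F3172B7887CE29FC70792",
    "4075375A08273E65C223116ECD2CEF903BA97B1E", "28139782562B0E4CAB7F7885ECA75DFCA5E1D570",
    "B1FF7285B49F36FE8D65E7B896FCCDB1618EAA4B", "890B5473B419057F89802E0B6DA011B315F3EF94",
    "E50A03D12DDAC6EA626718286650B9BB858B2E69", "9B0EC454401023DF6D3D4903735301BA669AADD1",
    "DBFD8553C66275694FC4B32F9DF16ADEA74145E6", "E0880DCFCB1724790DFEB7DFE01A5D54B33D80B6",
    "73A5B0BEE8C9FB4703A206608ED277A06AA1E384",
]


def refang(indicator: str) -> str:
    """Undo the common defanging conventions so the value can be loaded into a control."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def load_ip_set(defanged) -> set:
    """Refang and validate each IP; a typo in an IoC raises instead of silently never matching."""
    return {str(ipaddress.ip_address(refang(d))) for d in defanged}


def load_hash_set(hashes) -> set:
    """Normalise to lowercase and reject anything that is not a 40-hex-char SHA-1 digest."""
    out = set()
    for h in hashes:
        h = h.strip().lower()
        if not re.fullmatch(r"[0-9a-f]{40}", h):
            raise ValueError(f"not a SHA-1 digest: {h}")
        out.add(h)
    return out


def blocklist(defanged) -> str:
    """One refanged IP per line, the format most firewall external dynamic lists accept."""
    return "\n".join(sorted(load_ip_set(defanged), key=ipaddress.ip_address)) + "\n"


# Constructed sample log lines (not from the advisory): two firewall records and
# two EDR file-hash records in a hypothetical key=value format.
SAMPLE_LOGS = """\
2019-02-13T10:02:11Z src=10.1.4.22 dst=89.144.25.243 dport=443 action=allow
2019-02-13T10:02:12Z src=10.1.4.22 dst=93.184.216.34 dport=443 action=allow
2019-02-13T10:03:40Z host=WS-0042 file=C:\\Users\\u\\AppData\\Roaming\\svc.exe sha1=0df17562844b7a0a0170c9830921c3442d59c73c
2019-02-13T10:03:41Z host=WS-0042 file=C:\\Windows\\notepad.exe sha1=ffffffffffffffffffffffffffffffffffffffff
"""

KV = re.compile(r"(\w+)=(\S+)")


def scan_logs(text: str, ip_set: set, hash_set: set) -> list:
    """Return (line_number, indicator_type, value) for every line touching a known IoC.

    Both src and dst are checked so a C&C server initiating a connection is caught too.
    Hash comparison is case-insensitive because log sources differ in casing.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = dict(KV.findall(line))
        for key in ("dst", "src"):
            if fields.get(key) in ip_set:
                hits.append((lineno, "ip", fields[key]))
        digest = fields.get("sha1", "").lower()
        if digest in hash_set:
            hits.append((lineno, "sha1", digest))
    return hits


if __name__ == "__main__":
    ips = load_ip_set(DEFANGED_IPS)
    hashes = load_hash_set(SHA1_HASHES)
    print(blocklist(DEFANGED_IPS))
    for hit in scan_logs(SAMPLE_LOGS, ips, hashes):
        print("HIT line %d %s=%s" % hit)
```

Running the script prints the refanged blocklist and two hits: the allowed connection to 89.144.25.243 on line 1 and the file whose SHA-1 matches the second advisory hash on line 3. The validation in `load_ip_set` and `load_hash_set` is deliberate: an indicator that was mis-transcribed (a dropped digit, a stray character) would otherwise be loaded into the control and simply never fire.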
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.