Technical Analysis of DanaBot Obfuscation Techniques
Key Points DanaBot is a malware-as-a-service platform discovered in 2018 that is designed to steal sensitive information that may be used for wire fraud, conduct cryptocurrency theft, or perform espionage related activities The malware is heavily obfuscated which makes it very difficult and time consuming to reverse engineer and analyze ... Read More
Peeking into PrivateLoader
Key Points PrivateLoader is a downloader malware family that was first identified in early 2021 The loader’s primary purpose is to download and execute additional malware as part of a pay-per-install (PPI) malware distribution service PrivateLoader is used by multiple threat actors to distribute ransomware, information stealers, banking trojans, downloaders, ... Read More
DanaBot Launches DDoS Attack Against the Ukrainian Ministry of Defense
Key Points A threat actor using DanaBot has launched a Distributed Denial of Service (DDoS) attack against the Ukrainian Ministry of Defense’s webmail server. The DDoS attack was launched by leveraging DanaBot to deliver a second-stage malware payload using the download and execute command. It is unclear whether this is ... Read More
Return of Emotet: Malware Analysis
Key Points Emotet is a downloader malware used to download and execute additional modules and payloads. In January 2021, a law enforcement action disrupted the malware, its infrastructure, and some of its threat actors. After almost a year-long hiatus, Emotet returned to the threat landscape in November 2021. Emotet modules ... Read More
Spike in DanaBot Malware Activity
Key Points Two large software supply chain attacks distributed the DanaBot malware. DanaBot is a malware-as-a-service platform discovered in 2018 that focuses on credential theft and banking fraud. DanaBot’s popularity has waned in recent years, but these campaigns may signal a return of the malware and its affiliates to the ... Read More