Distribution of DanaBot Malware via Word Files Detected

216.73.216.6

Distribution of DanaBot Malware via Word Files Detected

· Published 14/05/2024 08:16 · Modified 14/05/2024 08:28

Essential information

Published: 14/05/2024 08:16
Modified: 14/05/2024 08:28
Tags: 2024-05-09 2024-05-10 2024-05-14 danabot data theft evasion macros malware spam
Related entities: 1 intrusion sets (apt), 12 techniques (mitre), 1 malware

Description

This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing malicious Word documents. The documents leverage external links to download and execute macro files, which subsequently fetch and run the DanaBot payload. The infection chain, beginning with the initial email, is meticulously traced using evidence from the AhnLab EDR security product, illustrating the malware's execution, data exfiltration capabilities, and evasion techniques.

External references

https://asec.ahnlab.com/en/65399/
https://otx.alienvault.com/pulse/66431dc7f0567a43a595d446