Distribution of DanaBot Malware via Word Files Detected

May 14, 2024, 8:28 a.m.

Description

This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing malicious Word documents. The documents leverage external links to download and execute macro files, which subsequently fetch and run the DanaBot payload. The infection chain, beginning with the initial email, is meticulously traced using evidence from the AhnLab EDR security product, illustrating the malware's execution, data exfiltration capabilities, and evasion techniques.

Date

Published: May 14, 2024, 8:16 a.m.
Created: May 14, 2024, 8:16 a.m.
Modified: May 14, 2024, 8:28 a.m.

Attack Patterns

DanaBot

T1555.002

T1568.002

T1552.001

T1059.001

T1012

T1059.007

T1071.001

T1204.002

T1082

T1105

T1566.001

T1002