Distribution of DanaBot Malware via Word Files Detected
May 14, 2024, 8:28 a.m.
Description
This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing malicious Word documents. The documents leverage external links to download and execute macro files, which subsequently fetch and run the DanaBot payload. The infection chain, beginning with the initial email, is meticulously traced using evidence from the AhnLab EDR security product, illustrating the malware's execution, data exfiltration capabilities, and evasion techniques.
Date
- Created: May 14, 2024, 8:16 a.m.
- Published: May 14, 2024, 8:16 a.m.
- Modified: May 14, 2024, 8:28 a.m.