Distribution of DanaBot Malware via Word Files Detected
May 14, 2024, 8:28 a.m.
Description
This analysis examines the infection process of the DanaBot malware, distributed through sophisticated spam emails containing malicious Word documents. The documents leverage external links to download and execute macro files, which subsequently fetch and run the DanaBot payload. The infection chain, beginning with the initial email, is meticulously traced using evidence from the AhnLab EDR security product, illustrating the malware's execution, data exfiltration capabilities, and evasion techniques.
Date
Published: May 14, 2024, 8:16 a.m.
Created: May 14, 2024, 8:16 a.m.
Modified: May 14, 2024, 8:28 a.m.
Attack Patterns
DanaBot
T1555.002
T1568.002
T1552.001
T1059.001
T1012
T1059.007
T1071.001
T1204.002
T1082
T1105
T1566.001
T1002