
DanaBot Infrastructure

ID: df2eb20d-8c27-5b74-a99d-f50a2e027b5c

STIX ID: report--df2eb20d-8c27-5b74-a99d-f50a2e027b5c

Feed Name: IntelInsights (Substack)

Threat Score: 72/100

Date Published: 2024-11-20

Date Updated: 2026-04-19

Author: Vasilis Orlof


The report reviews recent DanaBot banking trojan activity, providing multiple late-2024 sample hashes, identifying active C2 infrastructure (notably 185.117.90.36 with an SSL certificate for srv51934.yourbestnetwork.net and 23.95.182.47), and listing a malicious URL (https://altraonline.com/SKOblik.exe). It highlights distribution via phishing and malicious ads (including ClickFix-style lures) and concludes that the operation appears active, offering IOCs (hashes, IPs, domain) to aid detection and monitoring.
