UPDATE 10/02/2018: DanaBot has been detected targeting banks in additional countries, including the United States, Poland, Italy, Germany, and Austria. In recent campaigns, DanaBot is distributed via malspam that appears to be an eFax notification. The body of the email instructs recipients to open an attachment or click an embedded URL to view a fax. If users open the document and enable macros, the Hancitor trojan is downloaded and installed, and it in turn delivers DanaBot and additional malware onto the computer.
Image Source: Proofpoint