Summary I came across a fairly interesting VBS-based DanaBot downloader the other day, and I figured it was worth doing a quick write-up on the obfuscation scheme and a few of the other TPPs I observed. The social engineering pretext used in this campaign was interesting as it leveraged an “unclaimed property” themed lure and…
![Decoding a DanaBot Downloader](https://security-soup.net/wp-content/uploads/2019/02/Screen-Shot-2019-02-22-at-12.04.13-AM.png)