danabot | 214e3cd3db2fd521d7a66d0e4ede79c152870ff0330f839d01d7cc141cdc0a14 | Triage

Sharing

General

Target

SecuriteInfo.com.Variant.Graftor.752710.8384.15318
Size

3.3MB
Sample

201109-4k59awxlm6
MD5

90ac2235ac7890cd0a7c39aedee49302
SHA1

2e6a5a180e757ef69402d20ae21c7dfc5cf96950
SHA256

214e3cd3db2fd521d7a66d0e4ede79c152870ff0330f839d01d7cc141cdc0a14
SHA512

349d7cb55bfc05815d5949d8009c45e7fdd9665649b67ecd4a7162a2fa153fc09ca3ad17b3617b8c1df3a677c713ee6e701067a5fc2a8b5257b8678d88be96c7

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

172.81.129.196

54.38.22.65

192.99.219.207

51.255.134.130

192.236.179.73

23.82.140.201

45.147.228.92

rsa_pubkey.plain

Targets

- Target
  
  SecuriteInfo.com.Variant.Graftor.752710.8384.15318
- Size
  
  3.3MB
- MD5
  
  90ac2235ac7890cd0a7c39aedee49302
- SHA1
  
  2e6a5a180e757ef69402d20ae21c7dfc5cf96950
- SHA256
  
  214e3cd3db2fd521d7a66d0e4ede79c152870ff0330f839d01d7cc141cdc0a14
- SHA512
  
  349d7cb55bfc05815d5949d8009c45e7fdd9665649b67ecd4a7162a2fa153fc09ca3ad17b3617b8c1df3a677c713ee6e701067a5fc2a8b5257b8678d88be96c7
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

danabotbankertrojan