danabot | 35b24b298440862cc09ac6a515297301ec56845de52375b67f1463cb9d210eaa | Triage

Submit
Reports

Overview

overview

Static

static

d90d31166b...82.exe

windows7_x64

d90d31166b...82.exe

windows10_x64

Sharing

General

Target

d90d31166b4e5fe2d763e3f9e8196582.exe
Size

2.7MB
Sample

201109-cczyrctlfe
MD5

d90d31166b4e5fe2d763e3f9e8196582
SHA1

0923d9d7d871462c1583e0d9e5e71dd8da009e38
SHA256

35b24b298440862cc09ac6a515297301ec56845de52375b67f1463cb9d210eaa
SHA512

32f348cb976c1cc54a8b404bc188ea0b2c3069daa995fe69ffaa352d7502086a1cff7017e2cc9326c052c38f063a064c4cb8eac0f6cf1648c5794ec11964f335

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

d90d31166b4e5fe2d763e3f9e8196582.exe

Resource

win7v20201028

danabot banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d90d31166b4e5fe2d763e3f9e8196582.exe

Resource

win10v20201028

danabot banker botnet trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

185.227.138.47

38.68.50.140

2.56.212.64

38.68.50.172

172.241.27.92

193.34.167.159

179.43.133.50

rsa_pubkey.plain

Targets

- Target
  
  d90d31166b4e5fe2d763e3f9e8196582.exe
- Size
  
  2.7MB
- MD5
  
  d90d31166b4e5fe2d763e3f9e8196582
- SHA1
  
  0923d9d7d871462c1583e0d9e5e71dd8da009e38
- SHA256
  
  35b24b298440862cc09ac6a515297301ec56845de52375b67f1463cb9d210eaa
- SHA512
  
  32f348cb976c1cc54a8b404bc188ea0b2c3069daa995fe69ffaa352d7502086a1cff7017e2cc9326c052c38f063a064c4cb8eac0f6cf1648c5794ec11964f335
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy