danabot | 504eb3ba676729d316c8f6639ae45b0be030124e0c3007e9edade3b57b49e708 | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.GenKryptik.EKTR.2367
Size

3.3MB
Sample

201109-d2rkf4872e
MD5

b5d1fc220f0ad4ae724a50f2a681716d
SHA1

fa6e36d08a36f06c417af13a799cd4570357474c
SHA256

504eb3ba676729d316c8f6639ae45b0be030124e0c3007e9edade3b57b49e708
SHA512

9c34dd5e47b677b390dd41e3823f39f0ce726bb3af4cb75291186bd82634af424b2f3a24223aae3a0a47886cee9fd8386bb4a9aeebbb0f0e9435097549600cab

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

172.81.129.196

54.38.22.65

192.99.219.207

51.255.134.130

192.236.179.73

23.82.140.201

45.147.228.92

rsa_pubkey.plain

Targets

- Target
  
  SecuriteInfo.com.Win32.GenKryptik.EKTR.2367
- Size
  
  3.3MB
- MD5
  
  b5d1fc220f0ad4ae724a50f2a681716d
- SHA1
  
  fa6e36d08a36f06c417af13a799cd4570357474c
- SHA256
  
  504eb3ba676729d316c8f6639ae45b0be030124e0c3007e9edade3b57b49e708
- SHA512
  
  9c34dd5e47b677b390dd41e3823f39f0ce726bb3af4cb75291186bd82634af424b2f3a24223aae3a0a47886cee9fd8386bb4a9aeebbb0f0e9435097549600cab
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

danabotbankertrojan