danabot | 677f90dd4838bff9c07d1f730907777ce27bdf40cca7a7a664cf675cf33b4622 | Triage

Submit
Reports

Overview

overview

Static

static

dc825fb0f3...7f.exe

windows7_x64

dc825fb0f3...7f.exe

windows10_x64

Sharing

General

Target

dc825fb0f3c7fb28693590a4a5c1cc7f.exe
Size

2.7MB
Sample

201109-nbveavcmm6
MD5

dc825fb0f3c7fb28693590a4a5c1cc7f
SHA1

6d1a2bf886509558c876c82e94465ce0b1fa0b4d
SHA256

677f90dd4838bff9c07d1f730907777ce27bdf40cca7a7a664cf675cf33b4622
SHA512

4926dcd73f5e52f2b5ba4c05ecd5610e57feea41f3367d724d0ec87bc0acd6546066f33b117921b27f5c48b2257794e117a19ffbbb5969834c95f1cab29224b5

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

dc825fb0f3c7fb28693590a4a5c1cc7f.exe

Resource

win7v20201028

danabot banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dc825fb0f3c7fb28693590a4a5c1cc7f.exe

Resource

win10v20201028

danabot banker botnet trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Targets

- Target
  
  dc825fb0f3c7fb28693590a4a5c1cc7f.exe
- Size
  
  2.7MB
- MD5
  
  dc825fb0f3c7fb28693590a4a5c1cc7f
- SHA1
  
  6d1a2bf886509558c876c82e94465ce0b1fa0b4d
- SHA256
  
  677f90dd4838bff9c07d1f730907777ce27bdf40cca7a7a664cf675cf33b4622
- SHA512
  
  4926dcd73f5e52f2b5ba4c05ecd5610e57feea41f3367d724d0ec87bc0acd6546066f33b117921b27f5c48b2257794e117a19ffbbb5969834c95f1cab29224b5
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy