danabot | a95f0ca64023607f3de2d1c78caa835eb3f525994c7fac5c817eb93fc7f9e9d4 | Triage

Sharing

General

Target

SecuriteInfo.com.Variant.Graftor.752710.32324.11949
Size

3.3MB
Sample

201109-q8m24a7566
MD5

257987409335f6287a254f9ced2bf728
SHA1

e084a1a26d6f856d574303e3439b345703c894b3
SHA256

a95f0ca64023607f3de2d1c78caa835eb3f525994c7fac5c817eb93fc7f9e9d4
SHA512

241c4f4516502e6b941e1553760a898aac23bd767181fd774bc003b498598934f3a3bffd4ab28048dc65cf3ec9812943943a9e9b409832f9f9e0d2a042c8c102

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

172.81.129.196

54.38.22.65

192.99.219.207

51.255.134.130

192.236.179.73

23.82.140.201

45.147.228.92

rsa_pubkey.plain

Targets

- Target
  
  SecuriteInfo.com.Variant.Graftor.752710.32324.11949
- Size
  
  3.3MB
- MD5
  
  257987409335f6287a254f9ced2bf728
- SHA1
  
  e084a1a26d6f856d574303e3439b345703c894b3
- SHA256
  
  a95f0ca64023607f3de2d1c78caa835eb3f525994c7fac5c817eb93fc7f9e9d4
- SHA512
  
  241c4f4516502e6b941e1553760a898aac23bd767181fd774bc003b498598934f3a3bffd4ab28048dc65cf3ec9812943943a9e9b409832f9f9e0d2a042c8c102
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

danabotbankertrojan