danabot | 4eea1a09dcccd930ad5de4e344ccb530b679229c96ec94fb5e6f3ff1f39223b7 | Triage

Submit
Reports

Overview

overview

Static

static

644a820674...52.exe

windows7_x64

644a820674...52.exe

windows10_x64

Sharing

General

Target

644a8206744eb12d83d43a4df860de52.exe
Size

1.1MB
Sample

201109-sshyvvqpv2
MD5

644a8206744eb12d83d43a4df860de52
SHA1

398c5c2aa0a6bff618975d1f2f74b50bd2213d62
SHA256

4eea1a09dcccd930ad5de4e344ccb530b679229c96ec94fb5e6f3ff1f39223b7
SHA512

872affd9a7c99d56b15676c00896e7a12cb7e77efccc4010c6831053c5cc014bbb1f78e1c3dfaf5b54fbe1cc7d6b2fb543cddc207798f51a19cb19e541ae5992

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

644a8206744eb12d83d43a4df860de52.exe

Resource

win7v20201028

danabot banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

644a8206744eb12d83d43a4df860de52.exe

Resource

win10v20201028

danabot banker botnet trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

142.11.240.144

88.150.227.95

rsa_pubkey.plain

Targets

- Target
  
  644a8206744eb12d83d43a4df860de52.exe
- Size
  
  1.1MB
- MD5
  
  644a8206744eb12d83d43a4df860de52
- SHA1
  
  398c5c2aa0a6bff618975d1f2f74b50bd2213d62
- SHA256
  
  4eea1a09dcccd930ad5de4e344ccb530b679229c96ec94fb5e6f3ff1f39223b7
- SHA512
  
  872affd9a7c99d56b15676c00896e7a12cb7e77efccc4010c6831053c5cc014bbb1f78e1c3dfaf5b54fbe1cc7d6b2fb543cddc207798f51a19cb19e541ae5992
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy