danabot | 25dfa7709940a235749d6be1658b9bc7b650dd2cf9a61934cc3f6deb38e7f38a | Triage

Submit
Reports

Overview

overview

Static

static

siri_1.exe

windows7_x64

siri_1.exe

windows10_x64

Sharing

General

Target

siri_1
Size

2.6MB
Sample

201111-vvwqga5ba2
MD5

71c0859705ea213fbb15685db30f2312
SHA1

21c2f4231259df8d3a14993e605c63150fb3aea8
SHA256

25dfa7709940a235749d6be1658b9bc7b650dd2cf9a61934cc3f6deb38e7f38a
SHA512

fea69c9ba099dc06002f336d767b14bb36f265dc1f8de0cf09139add98ad06e6ad9bef969bc53f8ebfe6ca734fba8146e3d21d3a102d6f8db5ad942c9484abf2

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

siri_1.exe

Resource

win7v20201028

danabot banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

siri_1.exe

Resource

win10v20201028

danabot banker botnet trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

45.147.231.202

23.83.133.10

137.74.66.92

185.227.138.52

192.236.146.249

149.255.35.125

rsa_pubkey.plain

Targets

- Target
  
  siri_1
- Size
  
  2.6MB
- MD5
  
  71c0859705ea213fbb15685db30f2312
- SHA1
  
  21c2f4231259df8d3a14993e605c63150fb3aea8
- SHA256
  
  25dfa7709940a235749d6be1658b9bc7b650dd2cf9a61934cc3f6deb38e7f38a
- SHA512
  
  fea69c9ba099dc06002f336d767b14bb36f265dc1f8de0cf09139add98ad06e6ad9bef969bc53f8ebfe6ca734fba8146e3d21d3a102d6f8db5ad942c9484abf2
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy