danabot | 344008f54e17556e7ec3fa01039b58cf21f66d0fa9fe6f8ecf4bc0f077839539 | Triage

Submit
Reports

Overview

overview

Static

static

siri_2.exe

windows7_x64

siri_2.exe

windows10_x64

Sharing

General

Target

siri_2
Size

2.6MB
Sample

201111-xxsylzpbys
MD5

77bf0712c5776c3bd6357e061c38141a
SHA1

ee397840293b249addcc17d5e36fd49013773716
SHA256

344008f54e17556e7ec3fa01039b58cf21f66d0fa9fe6f8ecf4bc0f077839539
SHA512

585449d790da3584f5930941064d9b5e2a4692c155d8a28dba83901bb48de9ebcede8f7d5eb13adb2b15fd18448776402fd982473fee9b58bcd699dd35850eea

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

siri_2.exe

Resource

win7v20201028

danabot banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

siri_2.exe

Resource

win10v20201028

danabot banker botnet trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

93.115.21.232

109.200.24.21

93.115.21.236

rsa_pubkey.plain

Targets

- Target
  
  siri_2
- Size
  
  2.6MB
- MD5
  
  77bf0712c5776c3bd6357e061c38141a
- SHA1
  
  ee397840293b249addcc17d5e36fd49013773716
- SHA256
  
  344008f54e17556e7ec3fa01039b58cf21f66d0fa9fe6f8ecf4bc0f077839539
- SHA512
  
  585449d790da3584f5930941064d9b5e2a4692c155d8a28dba83901bb48de9ebcede8f7d5eb13adb2b15fd18448776402fd982473fee9b58bcd699dd35850eea
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy