danabot | 83a67ecd166b919255b264718993c284a3238971a24c939c45e0c525f3361a43 | Triage

Sharing

General

Target

83a67ecd166b919255b264718993c284a3238971a24c939c45e0c525f3361a43.bin
Size

5.2MB
Sample

210125-ltafad7e5a
MD5

3a4299537272d8671d85c99c17918e99
SHA1

93ff8577a13146091e40349fa523a6f54bd5fa2a
SHA256

83a67ecd166b919255b264718993c284a3238971a24c939c45e0c525f3361a43
SHA512

29011d41fdfc35cf3a4fe84fc08536bf1aa2afae2954227c58c53bbd922dcbfe256c43844e4153b56888f0e648dc57ad25d9bf15abe0dfb5796c2276b2ff1d28

Score

10^/10

danabot 21 banker discovery spyware stealer trojan

Malware Config

Extracted

Family

danabot

Version

1732

Botnet

21

C2

149.129.212.179:443

47.254.247.133:443

159.89.114.62:443

138.197.139.56:443

Attributes

embedded_hash
DE6DF8FA2198DD77CFD93D89D8ECC62D

rsa_pubkey.plain

rsa_pubkey.plain

Targets

- Target
  
  83a67ecd166b919255b264718993c284a3238971a24c939c45e0c525f3361a43.bin
- Size
  
  5.2MB
- MD5
  
  3a4299537272d8671d85c99c17918e99
- SHA1
  
  93ff8577a13146091e40349fa523a6f54bd5fa2a
- SHA256
  
  83a67ecd166b919255b264718993c284a3238971a24c939c45e0c525f3361a43
- SHA512
  
  29011d41fdfc35cf3a4fe84fc08536bf1aa2afae2954227c58c53bbd922dcbfe256c43844e4153b56888f0e648dc57ad25d9bf15abe0dfb5796c2276b2ff1d28
Score

10^/10

discovery spyware stealer danabot 21 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryspywarestealer

behavioral2

danabot21bankerdiscoveryspywarestealertrojan