Resubmissions

  • 19-03-2021 09:13   210319-84b7rlw1d6   10

  • 18-03-2021 18:56   210318-hk522b1dkx   1

General

  • Target

    d8e3e3b04cb2c871b54230d525d35969.exe

  • Size

    5.9MB

  • Sample

    210319-84b7rlw1d6

  • MD5

    d8e3e3b04cb2c871b54230d525d35969

  • SHA1

    50704890fc3aca9673c702b4690b2db356e7f9b7

  • SHA256

    3a69d53fffc2b8fe5dc264bf431187612503af38ec137d01e5e6f5a8ff6128c6

  • SHA512

    adacdd6ef38469da9e70009444689626f329704856f12c7d611099fa7e8c079f2eba16028fa2ddfe95da4d1ca6ec303ec06ed9e3a90db4190df4647462630d5f

Malware Config

Extracted

Family

danabot

Version

1765

C2

142.44.224.16:443

23.106.123.117:443

192.3.26.98:443

192.161.48.5:443

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081) ×1

  • Discovery

    Query Registry (T1012) ×2

    System Information Discovery (T1082) ×2

  • Collection

    Data from Local System (T1005) ×1
