Overview

overview

10

Static

static

2b53aa4ae2...b1.exe

windows7_x64

10

2b53aa4ae2...b1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2b53aa4ae25e0a2aa60b1f8094d0d4b1.exe

  • Size

    6.0MB

  • Sample

    210606-wp7h6w1cba

  • MD5

    2b53aa4ae25e0a2aa60b1f8094d0d4b1

  • SHA1

    07baf301c60c36b8f8f584bc0965e381116258ca

  • SHA256

    f9a4b4cc955f9e3b1154a6f1d425732c5e8785afe6deacfaa378efb9825e9e53

  • SHA512

    f618cca0245a29a79f40b9263d6705badb01efc33624912b659de68ac5eef051582296879a7d7a150ca98a1bd374237011580780d2b9130b69514eb4790a50f4

Score
10/10
danabot3bankerdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

danabot

Version

1827

Botnet

3

C2

184.95.51.183:443

184.95.51.175:443

192.210.198.12:443

184.95.51.180:443
Attributes
  • embedded_hash

    AEF96B4D339B580ABB737F203C2D0F52

rsa_pubkey.plain
rsa_pubkey.plain

Targets

    • Target

      2b53aa4ae25e0a2aa60b1f8094d0d4b1.exe

    • Size

      6.0MB

    • MD5

      2b53aa4ae25e0a2aa60b1f8094d0d4b1

    • SHA1

      07baf301c60c36b8f8f584bc0965e381116258ca

    • SHA256

      f9a4b4cc955f9e3b1154a6f1d425732c5e8785afe6deacfaa378efb9825e9e53

    • SHA512

      f618cca0245a29a79f40b9263d6705badb01efc33624912b659de68ac5eef051582296879a7d7a150ca98a1bd374237011580780d2b9130b69514eb4790a50f4

    Score
    10/10
    danabot3bankerdiscoveryspywarestealertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks