danabot | c38669f38d4b4f1e1d6881adfee332a4f5e8a1c62a630642100b340426e4e97a | Triage

Sharing

General

Target

fa036f4f21be4854f7bb2d7a3fc8cfb2.exe
Size

1.0MB
Sample

210720-v99wmzd2ya
MD5

fa036f4f21be4854f7bb2d7a3fc8cfb2
SHA1

b56d0a5c39fd1e31b9c5307a12cd6f2abea61fd1
SHA256

c38669f38d4b4f1e1d6881adfee332a4f5e8a1c62a630642100b340426e4e97a
SHA512

bdaff5c113e0249d309816ae18cb20bf3bff2a7c713fdd1058b7e6755b27a2cef4b8acdbb9fe0e5bd595376e0e78eae4bfb282ecde3fd6138f7390cd8cd929e1

Score

10^/10

danabot 4 banker discovery spyware stealer trojan

Malware Config

Extracted

Family

danabot

Version

1987

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes

embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB

rsa_privkey.plain

rsa_pubkey.plain

Targets

- Target
  
  fa036f4f21be4854f7bb2d7a3fc8cfb2.exe
- Size
  
  1.0MB
- MD5
  
  fa036f4f21be4854f7bb2d7a3fc8cfb2
- SHA1
  
  b56d0a5c39fd1e31b9c5307a12cd6f2abea61fd1
- SHA256
  
  c38669f38d4b4f1e1d6881adfee332a4f5e8a1c62a630642100b340426e4e97a
- SHA512
  
  bdaff5c113e0249d309816ae18cb20bf3bff2a7c713fdd1058b7e6755b27a2cef4b8acdbb9fe0e5bd595376e0e78eae4bfb282ecde3fd6138f7390cd8cd929e1
Score

10^/10

danabot 4 banker discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoveryspywarestealertrojan

behavioral2

danabot4bankerdiscoveryspywarestealertrojan