danabot | d9e365ef3c3b36a9974bf0b5c95d50188d0879849fb39bc3dc38fdda6ced9b8b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

d9e365ef3c3b36a9974bf0b5c95d50188d0879849fb39bc3dc38fdda6ced9b8b
Size

1.2MB
Sample

211022-pc8m7abfb3
MD5

00c28e54775b45f20fddff77b1ded22c
SHA1

f802027b030cc702464498dd28c58bfd61145a11
SHA256

d9e365ef3c3b36a9974bf0b5c95d50188d0879849fb39bc3dc38fdda6ced9b8b
SHA512

d0807f03ddfd6bca693fe3fc405e4a45cb86cab03dcff9b5dccf7401cab4236d29a8413c3c52e04e7adc06d30a5751d303eae25a888d5e14592a8fbd16795b8e

Score

10^/10

danabot 4 banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

d9e365ef3c3b36a9974bf0b5c95d50188d0879849fb39bc3dc38fdda6ced9b8b.exe

Resource

win10-en-20210920

danabot 4 banker discovery trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Extracted

Family

danabot

Version

2052

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
main

rsa_privkey.plain

rsa_pubkey.plain

Targets

- Target
  
  d9e365ef3c3b36a9974bf0b5c95d50188d0879849fb39bc3dc38fdda6ced9b8b
- Size
  
  1.2MB
- MD5
  
  00c28e54775b45f20fddff77b1ded22c
- SHA1
  
  f802027b030cc702464498dd28c58bfd61145a11
- SHA256
  
  d9e365ef3c3b36a9974bf0b5c95d50188d0879849fb39bc3dc38fdda6ced9b8b
- SHA512
  
  d0807f03ddfd6bca693fe3fc405e4a45cb86cab03dcff9b5dccf7401cab4236d29a8413c3c52e04e7adc06d30a5751d303eae25a888d5e14592a8fbd16795b8e
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

© 2018-2024

Terms | Privacy