danabot | c875b1a340febc2e1e4e723b1549046f17c03b1765737fec624d0098157637f5 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

c875b1a340febc2e1e4e723b1549046f17c03b1765737fec624d0098157637f5
Size

1.2MB
Sample

211022-tzxlnabha3
MD5

3ebb8d7e457023cb9e14a2aa3b19faa1
SHA1

ae42c910407b5f1547cf365d7d1e3cfcfc0a0a1c
SHA256

c875b1a340febc2e1e4e723b1549046f17c03b1765737fec624d0098157637f5
SHA512

5b635dfbbad84085b734cc0b53dfbf7d53cfe6e4c02c675f26c3d5e6119364361c2c073a1978bd52a8af56505c4d1ab4a2d978498dba7386f45f7b60924a2d90

Score

10^/10

danabot 4 banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

c875b1a340febc2e1e4e723b1549046f17c03b1765737fec624d0098157637f5.exe

Resource

win10-en-20210920

danabot 4 banker discovery trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Extracted

Family

danabot

Version

2052

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
main

rsa_privkey.plain

rsa_pubkey.plain

Targets

- Target
  
  c875b1a340febc2e1e4e723b1549046f17c03b1765737fec624d0098157637f5
- Size
  
  1.2MB
- MD5
  
  3ebb8d7e457023cb9e14a2aa3b19faa1
- SHA1
  
  ae42c910407b5f1547cf365d7d1e3cfcfc0a0a1c
- SHA256
  
  c875b1a340febc2e1e4e723b1549046f17c03b1765737fec624d0098157637f5
- SHA512
  
  5b635dfbbad84085b734cc0b53dfbf7d53cfe6e4c02c675f26c3d5e6119364361c2c073a1978bd52a8af56505c4d1ab4a2d978498dba7386f45f7b60924a2d90
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

© 2018-2024

Terms | Privacy