danabot | 6338907769534921e82ecca82da977874bac8e6e98d073f8e73fcbc82c5d3238 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

6338907769534921e82ecca82da977874bac8e6e98d073f8e73fcbc82c5d3238
Size

1.2MB
Sample

211023-jpbakadbcm
MD5

5c6fd4271c55e873b184ed0052050c5e
SHA1

36c39fb5196f2b26523e6fd44663b7f741ffbe71
SHA256

6338907769534921e82ecca82da977874bac8e6e98d073f8e73fcbc82c5d3238
SHA512

019520b6114f1cf9a2e11e5648503d0520d87745b56729be39bd5273d36e9c95787523479bbf56966ce7a2f6ac6f86d627108b9b73843b3d4cae1b507aa65108

Score

10^/10

danabot 4 banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

6338907769534921e82ecca82da977874bac8e6e98d073f8e73fcbc82c5d3238.exe

Resource

win10-en-20210920

danabot 4 banker discovery trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

Version

2052

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
main

rsa_privkey.plain

rsa_pubkey.plain

Targets

- Target
  
  6338907769534921e82ecca82da977874bac8e6e98d073f8e73fcbc82c5d3238
- Size
  
  1.2MB
- MD5
  
  5c6fd4271c55e873b184ed0052050c5e
- SHA1
  
  36c39fb5196f2b26523e6fd44663b7f741ffbe71
- SHA256
  
  6338907769534921e82ecca82da977874bac8e6e98d073f8e73fcbc82c5d3238
- SHA512
  
  019520b6114f1cf9a2e11e5648503d0520d87745b56729be39bd5273d36e9c95787523479bbf56966ce7a2f6ac6f86d627108b9b73843b3d4cae1b507aa65108
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

© 2018-2024

Terms | Privacy