danabot | b95aefab5c529ef3d921a1c44dd3b0a8046af03c2514333f7b1441b24bafe7b4 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

b95aefab5c529ef3d921a1c44dd3b0a8046af03c2514333f7b1441b24bafe7b4
Size

1.2MB
Sample

211023-mszn4sdcaq
MD5

1177e6705dc59be13207b56c39db519c
SHA1

44e6ff837b7806379eaecca33d1427d8e37f546b
SHA256

b95aefab5c529ef3d921a1c44dd3b0a8046af03c2514333f7b1441b24bafe7b4
SHA512

011127bb02b708ca8384b0aec0c4c73f42760b47aa30c9b3f450037af434dda32fa5f26e326a107d7e58e70ad6126d9185c505e736f3a285613c253394e943b1

Score

10^/10

danabot 4 banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

b95aefab5c529ef3d921a1c44dd3b0a8046af03c2514333f7b1441b24bafe7b4.exe

Resource

win10-en-20210920

danabot 4 banker discovery trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

Version

2052

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
main

rsa_privkey.plain

rsa_pubkey.plain

Targets

- Target
  
  b95aefab5c529ef3d921a1c44dd3b0a8046af03c2514333f7b1441b24bafe7b4
- Size
  
  1.2MB
- MD5
  
  1177e6705dc59be13207b56c39db519c
- SHA1
  
  44e6ff837b7806379eaecca33d1427d8e37f546b
- SHA256
  
  b95aefab5c529ef3d921a1c44dd3b0a8046af03c2514333f7b1441b24bafe7b4
- SHA512
  
  011127bb02b708ca8384b0aec0c4c73f42760b47aa30c9b3f450037af434dda32fa5f26e326a107d7e58e70ad6126d9185c505e736f3a285613c253394e943b1
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

© 2018-2024

Terms | Privacy