danabot | 94f5f6529944c9b5eda9a8a5cadb6b5b97c29dc338a6b018aa0145890e3b2b3b | Triage

Sharing

General

Target

94f5f6529944c9b5eda9a8a5cadb6b5b97c29dc338a6b018aa0145890e3b2b3b
Size

1.1MB
Sample

220106-2e37pscagr
MD5

fbc154f362d0d6a0ded11664d27f2ea4
SHA1

d878d204a902b674ad1d1776e1172b5990082f92
SHA256

94f5f6529944c9b5eda9a8a5cadb6b5b97c29dc338a6b018aa0145890e3b2b3b
SHA512

ba574b0047728a5709621ef8b16ba7642326ed3d26b046ef278c74d5d4e745219ea45af66ee42e22eefb495186356a2ae73448859a84f526ab5bbfe9390d6013

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.223:443

192.236.194.72:443

192.119.110.4:443

Attributes

embedded_hash
8357B947FCA843DB2D85EC29EDCDEF3C
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  94f5f6529944c9b5eda9a8a5cadb6b5b97c29dc338a6b018aa0145890e3b2b3b
- Size
  
  1.1MB
- MD5
  
  fbc154f362d0d6a0ded11664d27f2ea4
- SHA1
  
  d878d204a902b674ad1d1776e1172b5990082f92
- SHA256
  
  94f5f6529944c9b5eda9a8a5cadb6b5b97c29dc338a6b018aa0145890e3b2b3b
- SHA512
  
  ba574b0047728a5709621ef8b16ba7642326ed3d26b046ef278c74d5d4e745219ea45af66ee42e22eefb495186356a2ae73448859a84f526ab5bbfe9390d6013
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan