danabot | 917b28c2584a91fc20244c7c71d39b3f3a11d8d98f1c4f91ff4b82ca1161070c | Triage

Sharing

General

Target

917b28c2584a91fc20244c7c71d39b3f3a11d8d98f1c4f91ff4b82ca1161070c
Size

1.1MB
Sample

220106-keclbabba8
MD5

efc9b86ccfe1174acf8b6487215ddb1a
SHA1

3dcd34c332ba25cb3c09150964e786fff8003e7b
SHA256

917b28c2584a91fc20244c7c71d39b3f3a11d8d98f1c4f91ff4b82ca1161070c
SHA512

7e6e36d2cae2424dc0ab84575d2c03390b06a81d5c4c37d60d2c3661f4bc49468a58e82e40d83248152782b6eef195f60b38ba3e0b27adf84be8d9cf332c9061

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.223:443

192.236.194.72:443

192.119.110.4:443

Attributes

embedded_hash
8357B947FCA843DB2D85EC29EDCDEF3C
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  917b28c2584a91fc20244c7c71d39b3f3a11d8d98f1c4f91ff4b82ca1161070c
- Size
  
  1.1MB
- MD5
  
  efc9b86ccfe1174acf8b6487215ddb1a
- SHA1
  
  3dcd34c332ba25cb3c09150964e786fff8003e7b
- SHA256
  
  917b28c2584a91fc20244c7c71d39b3f3a11d8d98f1c4f91ff4b82ca1161070c
- SHA512
  
  7e6e36d2cae2424dc0ab84575d2c03390b06a81d5c4c37d60d2c3661f4bc49468a58e82e40d83248152782b6eef195f60b38ba3e0b27adf84be8d9cf332c9061
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan