Description
Danabot is a modular banking Trojan that has been linked with other malware.
ca8990349224f84d04c36c55bf71b11376e8c9008909680bcc63519b3f1c1439.zip
General
Target
Size
Sample
ca8990349224f84d04c36c55bf71b11376e8c9008909680bcc63519b3f1c1439.zip
119KB
220109-s3kktsdhfm
Score
10 /10
MD5
SHA1
SHA256
SHA512
9d80de2b8ab636bc5e3c9e84311f4bbe
b80d069b9ab74d3f43cd75ee25e2068a43344b5f
96e66b4ae99b64723c465071112d406e2d9311b784b0e51dbe4af769bd7ea59e
0bdf0bc4beac1ae5dcabbef83d6cb275b1b5a4e5a2311ecaed60797366d06785739b34311f0127ae50e1e49328204324ab1f2f419793b17a17a542954bc9d1a7
Malware Config
Extracted
| Family | smokeloader |
| Version | 2020 |
| C2 |
http://nahbleiben.at/upload/ http://noblecreativeaz.com/upload/ http://tvqaq.cn/upload/ http://recmaster.ru/upload/ http://sovels.ru/upload/ |
| rc4.i32 |
|
| rc4.i32 |
|
Extracted
| Family | danabot |
| Botnet | 4 |
| C2 |
192.119.110.4:443 103.175.16.113:443 |
| Attributes |
embedded_hash 422236FD601D11EE82825A484D26DD6F
type loader |
| rsa_pubkey.plain |
|
| rsa_privkey.plain |
|
Targets
Target
MD5
Filesize
61dae93d780db_Sun139.exe
c817d8a9ea3ed03f247e2f0a000a675a
293KB
Score
10/10
SHA1
SHA256
SHA512
4194929b5a02524e1e24179014fa13e95a93ee1a
ca8990349224f84d04c36c55bf71b11376e8c9008909680bcc63519b3f1c1439
08369b4303d481e42a7923fcf7606fef1379060fd65ecd0e224af48f396370e58421e9247471327f44e27166479c0944a57d37312888d42f532bbd661378a618
Tags
Signatures
-
Danabot
-
Danabot Loader Component
-
SmokeLoader
Description
Modular backdoor trojan in use since 2014.
Tags
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Description
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
Tags
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks