Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12
Size

1MB
Sample

220112-ttcdjadbe4
MD5

a8c9c70c215549f68555476f80cd20e9
SHA1

d499cf0f21c0fba8aaf6e0eb44d4bca3d754da5c
SHA256

9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12
SHA512

1be51796ed8fd6c6807be48e0e2b13721d15ba6498587ce2e1121df13ff3176dd38e44d0561b53542e4355ac43fbda60d7ea1660f82534e18f1d4c1bfd911abc

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family	danabot
Botnet	4
C2	209.127.27.22:443 103.175.16.114:443 103.175.16.113:443 209.127.27.22:443 103.175.16.114:443 103.175.16.113:443
Attributes	embedded_hash 422236FD601D11EE82825A484D26DD6F type loader
rsa_pubkey.plain
rsa_privkey.plain

Targets

- Target
  
  9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12
- Size
  
  1MB
- MD5
  
  a8c9c70c215549f68555476f80cd20e9
- SHA1
  
  d499cf0f21c0fba8aaf6e0eb44d4bca3d754da5c
- SHA256
  
  9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12
- SHA512
  
  1be51796ed8fd6c6807be48e0e2b13721d15ba6498587ce2e1121df13ff3176dd38e44d0561b53542e4355ac43fbda60d7ea1660f82534e18f1d4c1bfd911abc
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

danabot4bankertrojan