danabot | 3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712 | Triage

Sharing

General

Target

3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712
Size

1.1MB
Sample

220112-yxwnssdgg7
MD5

faaa466bf9c6fe5eb5c8625c71af738e
SHA1

e98d76fb100d8db912c6844070c45dc86fdd1e7e
SHA256

3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712
SHA512

99b5c0cf8fa9b22004667546aa86a4e7c5314652ed790054edccc2c8e5f03bd4d59a20d26c4205edee76af567816ba766bb222f3681da899ef502983f731eaa0

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

209.127.27.22:443

103.175.16.114:443

103.175.16.113:443

Attributes

embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712
- Size
  
  1.1MB
- MD5
  
  faaa466bf9c6fe5eb5c8625c71af738e
- SHA1
  
  e98d76fb100d8db912c6844070c45dc86fdd1e7e
- SHA256
  
  3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712
- SHA512
  
  99b5c0cf8fa9b22004667546aa86a4e7c5314652ed790054edccc2c8e5f03bd4d59a20d26c4205edee76af567816ba766bb222f3681da899ef502983f731eaa0
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan