Description
Danabot is a modular banking Trojan that has been linked with other malware.
fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e
General
Target
Size
Sample
fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e
1MB
220113-qrzt9saeb2
Score
10 /10
MD5
SHA1
SHA256
SHA512
a5fb0a37f7ac9d8efe9c6dc4b5075777
00a4ce2ac284e2cebf56d60398868435fb560cbd
fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e
31799ab34f71c93f826bf5a25c1dc149bea00755cc671cde2de9847579bdcdecfce67da17aad4ce1a5578d5fcbe5dba6737471422155dedbd33130572f42d821
Malware Config
Extracted
| Family | danabot |
| Botnet | 4 |
| C2 |
103.175.16.113:443 103.175.16.114:443 |
| Attributes |
embedded_hash 422236FD601D11EE82825A484D26DD6F
type loader |
| rsa_pubkey.plain |
|
| rsa_privkey.plain |
|
Targets
Target
MD5
Filesize
fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e
a5fb0a37f7ac9d8efe9c6dc4b5075777
1MB
Score
10/10
SHA1
SHA256
SHA512
00a4ce2ac284e2cebf56d60398868435fb560cbd
fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e
31799ab34f71c93f826bf5a25c1dc149bea00755cc671cde2de9847579bdcdecfce67da17aad4ce1a5578d5fcbe5dba6737471422155dedbd33130572f42d821
Tags
Signatures
-
Danabot
-
Danabot Loader Component
-
Loads dropped DLL
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks