Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e
Size

1MB
Sample

220113-qrzt9saeb2
MD5

a5fb0a37f7ac9d8efe9c6dc4b5075777
SHA1

00a4ce2ac284e2cebf56d60398868435fb560cbd
SHA256

fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e
SHA512

31799ab34f71c93f826bf5a25c1dc149bea00755cc671cde2de9847579bdcdecfce67da17aad4ce1a5578d5fcbe5dba6737471422155dedbd33130572f42d821

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family	danabot
Botnet	4
C2	103.175.16.113:443 103.175.16.114:443 103.175.16.113:443 103.175.16.114:443
Attributes	embedded_hash 422236FD601D11EE82825A484D26DD6F type loader
rsa_pubkey.plain
rsa_privkey.plain

Targets

- Target
  
  fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e
- Size
  
  1MB
- MD5
  
  a5fb0a37f7ac9d8efe9c6dc4b5075777
- SHA1
  
  00a4ce2ac284e2cebf56d60398868435fb560cbd
- SHA256
  
  fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e
- SHA512
  
  31799ab34f71c93f826bf5a25c1dc149bea00755cc671cde2de9847579bdcdecfce67da17aad4ce1a5578d5fcbe5dba6737471422155dedbd33130572f42d821
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Loads dropped DLL
behavioral1

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

static1

behavioral1

danabot4bankertrojan