Overview

overview

10

Static

static

10

14d1b1a276...91.dll

windows7_x64

10

14d1b1a276...91.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14d1b1a276cc2ca724d2ad6eeb0d9090c456a3aa11ac80f977911496b3123a91

  • Size

    1.1MB

  • Sample

    220205-xpws6aeea2

  • MD5

    875071870de4fad3639b04a6b7f3f3fb

  • SHA1

    f5b01b158aabbb104e53e6f4dc76a77b6a928848

  • SHA256

    14d1b1a276cc2ca724d2ad6eeb0d9090c456a3aa11ac80f977911496b3123a91

  • SHA512

    d79c173ae40880505d0d80ac638a973f05b2ee93bbfd910b79e4463bbc32a7a6d3bf023394a678ef56e7c831c8a7a629b5d4740d83d14c62d4b7a1b4a53b596e

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

64.188.12.140

64.188.19.39

151.106.53.109

172.245.247.101

185.136.167.142

242.61.5.230

184.74.28.43

118.227.95.92

37.240.137.117

185.181.8.49
rsa_pubkey.plain

Targets

    • Target

      14d1b1a276cc2ca724d2ad6eeb0d9090c456a3aa11ac80f977911496b3123a91

    • Size

      1.1MB

    • MD5

      875071870de4fad3639b04a6b7f3f3fb

    • SHA1

      f5b01b158aabbb104e53e6f4dc76a77b6a928848

    • SHA256

      14d1b1a276cc2ca724d2ad6eeb0d9090c456a3aa11ac80f977911496b3123a91

    • SHA512

      d79c173ae40880505d0d80ac638a973f05b2ee93bbfd910b79e4463bbc32a7a6d3bf023394a678ef56e7c831c8a7a629b5d4740d83d14c62d4b7a1b4a53b596e

    Score
    10/10
    danabotbankertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks