danabot

General

Target

8215f0ace69bf69721bb6bf991cc87462db48b0e81851addb40d41492298e176
Size

4.3MB
Sample

220208-1xre7affdj
MD5

bdde08b2fb6638e9a34a069aa1a29f61
SHA1

8422f03e01dd55e6ef146a23fd745f172d0b94b7
SHA256

8215f0ace69bf69721bb6bf991cc87462db48b0e81851addb40d41492298e176
SHA512

5e0634490dc7398003d8d44859284d290e72672611f8b149edab3dac98f6eec93cc2fb4432c8e4bbc547a952ad0174de96707b289c970975ae47a286a930dccd

Score

10^/10

danabot 3 banker discovery spyware stealer suricata trojan upx

Malware Config

Extracted

Family

danabot

Version

1732

Botnet

3

C2

104.227.34.227:443

64.188.20.187:443

51.195.73.129:443

176.123.2.249:443

Attributes

embedded_hash
6266E79288DFE2AE2C2DB47563C7F93A
type
main

rsa_pubkey.plain

Targets

- Target
  
  8215f0ace69bf69721bb6bf991cc87462db48b0e81851addb40d41492298e176
- Size
  
  4.3MB
- MD5
  
  bdde08b2fb6638e9a34a069aa1a29f61
- SHA1
  
  8422f03e01dd55e6ef146a23fd745f172d0b94b7
- SHA256
  
  8215f0ace69bf69721bb6bf991cc87462db48b0e81851addb40d41492298e176
- SHA512
  
  5e0634490dc7398003d8d44859284d290e72672611f8b149edab3dac98f6eec93cc2fb4432c8e4bbc547a952ad0174de96707b289c970975ae47a286a930dccd
Score

10^/10

danabot 3 banker discovery spyware stealer suricata trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Suspicious use of NtCreateProcessExOtherParentProcess
- suricata: ET MALWARE Danabot Key Exchange Request
  suricata: ET MALWARE Danabot Key Exchange Request
  suricata
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

3

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateProcessExOtherParentProcess

suricata: ET MALWARE Danabot Key Exchange Request

Blocklisted process makes network request

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Drops desktop.ini file(s)

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2