danabot | 6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f | Triage

Submit
Reports

Overview

overview

Static

static

6548bb2839...5f.exe

windows7_x64

6548bb2839...5f.exe

windows10-2004_x64

Sharing

General

Target

6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f
Size

983KB
Sample

220226-j4nt7saaf2
MD5

26726bcd43e28e6840b33b69a3064b48
SHA1

a7010995512c3be9b2a9ad2e27d9eff1c732f5c5
SHA256

6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f
SHA512

01e7d8b783d36371ac75167ac7ab4a81e53ce14be064fb2be578f43becb8386632e74867b0f5399a3a3b0aa803a016c121b2aaab88466f1f589fc1275aa62114

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f.exe

Resource

win7-20220223-en

danabot banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f.exe

Resource

win10v2004-en-20220113

danabot banker botnet trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

5.61.58.130

2.56.213.39

2.56.212.4

5.61.56.192

rsa_pubkey.plain

Targets

- Target
  
  6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f
- Size
  
  983KB
- MD5
  
  26726bcd43e28e6840b33b69a3064b48
- SHA1
  
  a7010995512c3be9b2a9ad2e27d9eff1c732f5c5
- SHA256
  
  6548bb28396f639c2aef92957b6858d369c7626a881f000d089646811075955f
- SHA512
  
  01e7d8b783d36371ac75167ac7ab4a81e53ce14be064fb2be578f43becb8386632e74867b0f5399a3a3b0aa803a016c121b2aaab88466f1f589fc1275aa62114
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy