danabot | 3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec | Triage

Submit
Reports

Overview

overview

Static

static

3168462b40...ec.exe

windows7_x64

3168462b40...ec.exe

windows10-2004_x64

Sharing

General

Target

3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec
Size

979KB
Sample

220226-k5mh7sbefm
MD5

adc8c26038ab606b280ce3ea693b5bc4
SHA1

b2a2a0c749adb844e94b33c141e3044387b688b2
SHA256

3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec
SHA512

d0e46ebf72244663c58a320d81e631f731a3ab84bd9e9be05e69259fa0d7166d6213b9c61e4f8e6dde0400f94a92afdbcee36190d97ef141e0ec4cad7797c70c

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec.exe

Resource

win7-en-20211208

danabot banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec.exe

Resource

win10v2004-en-20220113

danabot banker botnet trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

5.61.58.130

2.56.213.39

2.56.212.4

5.61.56.192

rsa_pubkey.plain

Targets

- Target
  
  3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec
- Size
  
  979KB
- MD5
  
  adc8c26038ab606b280ce3ea693b5bc4
- SHA1
  
  b2a2a0c749adb844e94b33c141e3044387b688b2
- SHA256
  
  3168462b40b11698b32fa1f90b8d684cba056ff88837ad67efad1d203641deec
- SHA512
  
  d0e46ebf72244663c58a320d81e631f731a3ab84bd9e9be05e69259fa0d7166d6213b9c61e4f8e6dde0400f94a92afdbcee36190d97ef141e0ec4cad7797c70c
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy