danabot | 95c27d002213104e4029df6f785dba30a0fd7fc7bf1aeb27e15f669edbc27d85 | Triage

Sharing

General

Target

95c27d002213104e4029df6f785dba30a0fd7fc7bf1aeb27e15f669edbc27d85
Size

3.9MB
Sample

220306-2anapafgf8
MD5

cdb7cedd0d9adb7c036b49f4ff2eb5c4
SHA1

fc4a2c47085d30633bcd220d821455d333bee647
SHA256

95c27d002213104e4029df6f785dba30a0fd7fc7bf1aeb27e15f669edbc27d85
SHA512

6bd6231e90097e0a5c0e8fa36175f9f7c5a6dd41f4e53ea6ae87ac3234bba8ee6b975c802c05228d4f09c7f0e04c43773f7814b8324529e58b9946b28a01c43c

Score

10^/10

danabot 3 banker discovery spyware stealer trojan

Malware Config

Extracted

Family

danabot

Version

1732

Botnet

3

C2

23.106.123.249:443

51.195.73.129:443

167.114.188.38:443

23.226.132.92:443

Attributes

embedded_hash
E1D3580C52F82AF2B3596E20FB85D9F4
type
main

rsa_pubkey.plain

rsa_pubkey.plain

Targets

- Target
  
  95c27d002213104e4029df6f785dba30a0fd7fc7bf1aeb27e15f669edbc27d85
- Size
  
  3.9MB
- MD5
  
  cdb7cedd0d9adb7c036b49f4ff2eb5c4
- SHA1
  
  fc4a2c47085d30633bcd220d821455d333bee647
- SHA256
  
  95c27d002213104e4029df6f785dba30a0fd7fc7bf1aeb27e15f669edbc27d85
- SHA512
  
  6bd6231e90097e0a5c0e8fa36175f9f7c5a6dd41f4e53ea6ae87ac3234bba8ee6b975c802c05228d4f09c7f0e04c43773f7814b8324529e58b9946b28a01c43c
Score

10^/10

danabot 3 banker discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabot3bankerdiscoveryspywarestealertrojan

behavioral2

danabot3bankerdiscoveryspywarestealertrojan