danabot | a213c607bbace81a31e12bb7871cc6acda265b5c19f61593e49d9a3124ccb992 | Triage

Sharing

General

Target

a213c607bbace81a31e12bb7871cc6acda265b5c19f61593e49d9a3124ccb992
Size

4.4MB
Sample

220319-hrmwpsdfbl
MD5

758479c598ae9f73822b944914063868
SHA1

b06e935e4e660733e049995f299fc84dcf6daf90
SHA256

a213c607bbace81a31e12bb7871cc6acda265b5c19f61593e49d9a3124ccb992
SHA512

cbf6fb876246e6e999fa6c68db887077c27e9e71dc17cecb7bd38db51e3b0fe0788ad6315893af52a609f0ba6b7bbb0d62be0825007c210a6c46c62336db0ddd

Score

10^/10

danabot 3 banker discovery spyware stealer trojan upx

Malware Config

Extracted

Family

danabot

Version

1732

Botnet

3

C2

23.226.132.92:443

176.123.6.168:443

108.62.141.152:443

192.241.101.68:443

Attributes

embedded_hash
DE420A65BFC5F29167A85A5199065A0E
type
main

rsa_pubkey.plain

rsa_pubkey.plain

Targets

- Target
  
  a213c607bbace81a31e12bb7871cc6acda265b5c19f61593e49d9a3124ccb992
- Size
  
  4.4MB
- MD5
  
  758479c598ae9f73822b944914063868
- SHA1
  
  b06e935e4e660733e049995f299fc84dcf6daf90
- SHA256
  
  a213c607bbace81a31e12bb7871cc6acda265b5c19f61593e49d9a3124ccb992
- SHA512
  
  cbf6fb876246e6e999fa6c68db887077c27e9e71dc17cecb7bd38db51e3b0fe0788ad6315893af52a609f0ba6b7bbb0d62be0825007c210a6c46c62336db0ddd
Score

10^/10

danabot 3 banker discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabot3bankerdiscoveryspywarestealertrojan

behavioral2

danabot3bankerdiscoveryspywarestealertrojan