danabot | b6e2dcddf2c2b5ed16db6c0d63ddd9aee550666e347c6aabb9e278fd839ae240 | Triage

Sharing

General

Target

4b9d0eec327ee2422af8e720fc33dee3.dll
Size

1.3MB
Sample

220413-yr36paffgk
MD5

4b9d0eec327ee2422af8e720fc33dee3
SHA1

adf9c54bcc31cdc45ceea8bc8ade56e55de71121
SHA256

b6e2dcddf2c2b5ed16db6c0d63ddd9aee550666e347c6aabb9e278fd839ae240
SHA512

76f61870911a41f7b9f0aa5bd0662c32ea9fe6fa0dc23b97a7f5f1e9cd387de544b1197cf39117a70f139fda43a73ec543b3a75b7cb6b7d12b68dcacdeafedec

Score

10^/10

danabot 4 banker suricata trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

104.168.148.6:443

5.9.224.204:443

192.210.222.81:443

23.229.29.48:443

Attributes

embedded_hash
0E1A7A1479C37094441FA911262B322A
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  4b9d0eec327ee2422af8e720fc33dee3.dll
- Size
  
  1.3MB
- MD5
  
  4b9d0eec327ee2422af8e720fc33dee3
- SHA1
  
  adf9c54bcc31cdc45ceea8bc8ade56e55de71121
- SHA256
  
  b6e2dcddf2c2b5ed16db6c0d63ddd9aee550666e347c6aabb9e278fd839ae240
- SHA512
  
  76f61870911a41f7b9f0aa5bd0662c32ea9fe6fa0dc23b97a7f5f1e9cd387de544b1197cf39117a70f139fda43a73ec543b3a75b7cb6b7d12b68dcacdeafedec
Score

10^/10

danabot 4 banker suricata trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- suricata: ET MALWARE Danabot Key Exchange Request
  suricata: ET MALWARE Danabot Key Exchange Request
  suricata
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankersuricatatrojan

behavioral2

danabot4bankersuricatatrojan