danabot | 0dfc49086d548646c7ce4c7a5c8cc2b739e0dbdd8e25cd05433eedfbf7a0e199 | Triage

Submit
Reports

Overview

overview

Static

static

0dfc49086d...99.exe

windows7_x64

0dfc49086d...99.exe

windows10-2004_x64

Sharing

General

Target

0dfc49086d548646c7ce4c7a5c8cc2b739e0dbdd8e25cd05433eedfbf7a0e199
Size

816KB
Sample

220502-rvt9mahcdq
MD5

f8340e0fd74ed7b1584c359426c84126
SHA1

2e9c7cec164ae225325fc82f36b64602f0f634a3
SHA256

0dfc49086d548646c7ce4c7a5c8cc2b739e0dbdd8e25cd05433eedfbf7a0e199
SHA512

1188b879085cfc22a42008654c3437e893455274475686cd0c7762de0ef39594ea3b249f579c11532fe801ef2c5b4ee329bc09ab8e68e8f8b25176e4006c952e

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

0dfc49086d548646c7ce4c7a5c8cc2b739e0dbdd8e25cd05433eedfbf7a0e199.exe

Resource

win7-20220414-en

danabot banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0dfc49086d548646c7ce4c7a5c8cc2b739e0dbdd8e25cd05433eedfbf7a0e199.exe

Resource

win10v2004-20220414-en

danabot banker botnet trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

179.188.90.35

236.52.255.191

115.151.162.88

208.33.64.109

195.123.220.45

151.236.14.84

52.114.234.13

77.103.60.165

13.225.92.107

180.111.168.9

rsa_pubkey.plain

Targets

- Target
  
  0dfc49086d548646c7ce4c7a5c8cc2b739e0dbdd8e25cd05433eedfbf7a0e199
- Size
  
  816KB
- MD5
  
  f8340e0fd74ed7b1584c359426c84126
- SHA1
  
  2e9c7cec164ae225325fc82f36b64602f0f634a3
- SHA256
  
  0dfc49086d548646c7ce4c7a5c8cc2b739e0dbdd8e25cd05433eedfbf7a0e199
- SHA512
  
  1188b879085cfc22a42008654c3437e893455274475686cd0c7762de0ef39594ea3b249f579c11532fe801ef2c5b4ee329bc09ab8e68e8f8b25176e4006c952e
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy