danabot | 35bb9fb5b4801c32caa7c9b1d178f6a11d88cf849394333d450d9fc36dac0c1f | Triage

Resubmissions

03-05-2022 13:04

220503-qbdbbshfdk 8

25-04-2022 15:50

220425-s9x5haggej 8

Sharing

General

Target

201715e350439f6d19ce61769e5bb8d5.exe
Size

1.0MB
Sample

220503-qbdbbshfdk
MD5

201715e350439f6d19ce61769e5bb8d5
SHA1

38f5365dfe6d9d31d75b5637ddcbdb8db8cb35c6
SHA256

35bb9fb5b4801c32caa7c9b1d178f6a11d88cf849394333d450d9fc36dac0c1f
SHA512

32eaa99506f68b8a9f814f795fc0f10fa426ff91f10cb0ea3ae5684a5b468fcf066bc05c3b1146f649e310813d0a32e4d1b6d86ac761ca07914ab3c14e2a8c72

Score

10^/10

danabot 6 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

6

C2

192.236.160.249:443

104.168.234.51:443

23.254.161.215:443

192.236.147.212:443

Attributes

embedded_hash
A471231BC0846BE9EFCDD39DCBA967C5
type
loader

Extracted

Family

danabot

Attributes

type
loader

Targets

- Target
  
  201715e350439f6d19ce61769e5bb8d5.exe
- Size
  
  1.0MB
- MD5
  
  201715e350439f6d19ce61769e5bb8d5
- SHA1
  
  38f5365dfe6d9d31d75b5637ddcbdb8db8cb35c6
- SHA256
  
  35bb9fb5b4801c32caa7c9b1d178f6a11d88cf849394333d450d9fc36dac0c1f
- SHA512
  
  32eaa99506f68b8a9f814f795fc0f10fa426ff91f10cb0ea3ae5684a5b468fcf066bc05c3b1146f649e310813d0a32e4d1b6d86ac761ca07914ab3c14e2a8c72
Score

10^/10

danabot 6 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot6bankertrojan

behavioral2

danabot6bankertrojan