danabot | 5aab954a5986b6ba257d0ef5acb1831b93c2794d451448633d14da9b1757dc78 | Triage

Sharing

General

Target

5aab954a5986b6ba257d0ef5acb1831b93c2794d451448633d14da9b1757dc78.vbs
Size

2.0MB
Sample

220514-gn7k9sfdg5
MD5

0d3d3c9053c6eeb36e6a42b29517d3a2
SHA1

18183f3682256080eef046b954717404b369924f
SHA256

5aab954a5986b6ba257d0ef5acb1831b93c2794d451448633d14da9b1757dc78
SHA512

a3d45d659239bf783e11468debf7d6534709f4f9e98ea66b55876b40965975da5a0b09d92afed6c99ca80fc3440e8202213ab18310c496d3eb9bb11b4d223960

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

195.123.220.45

84.141.50.190

215.212.21.6

237.250.131.153

59.37.192.38

155.120.247.148

142.167.76.43

75.56.111.148

195.123.246.209

68.158.26.25

rsa_pubkey.plain

Targets

- Target
  
  5aab954a5986b6ba257d0ef5acb1831b93c2794d451448633d14da9b1757dc78.vbs
- Size
  
  2.0MB
- MD5
  
  0d3d3c9053c6eeb36e6a42b29517d3a2
- SHA1
  
  18183f3682256080eef046b954717404b369924f
- SHA256
  
  5aab954a5986b6ba257d0ef5acb1831b93c2794d451448633d14da9b1757dc78
- SHA512
  
  a3d45d659239bf783e11468debf7d6534709f4f9e98ea66b55876b40965975da5a0b09d92afed6c99ca80fc3440e8202213ab18310c496d3eb9bb11b4d223960
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan