danabot | 07da9675d3bc10b24556f52d6367cd6ececa1a82c3b9ba4e32c8b98c38f7d792 | Triage

Sharing

General

Target

07da9675d3bc10b24556f52d6367cd6ececa1a82c3b9ba4e32c8b98c38f7d792
Size

5.9MB
Sample

220531-aq2pgaccep
MD5

924a8842dc173cb74872a5a215d1dd4d
SHA1

de08c5e3e5e98af24444fc567c7a08c43a021dee
SHA256

07da9675d3bc10b24556f52d6367cd6ececa1a82c3b9ba4e32c8b98c38f7d792
SHA512

eb31f117a86a4fc6606489bb818f124d16c572d54b542ee5947193218435cbe9d2fb37511e9c0666b2fe49ed6636e5b3e5f6c4c07b10930c2802c75d3569686c

Score

10^/10

danabot 3 banker discovery spyware stealer suricata trojan

Malware Config

Extracted

Family

danabot

Version

1765

Botnet

3

C2

192.3.26.107:443

193.34.167.88:443

134.119.186.216:443

192.210.198.12:443

Attributes

embedded_hash
A3CC9056F97D33ED99C3617A0B08AA79
type
main

rsa_pubkey.plain

rsa_pubkey.plain

Targets

- Target
  
  07da9675d3bc10b24556f52d6367cd6ececa1a82c3b9ba4e32c8b98c38f7d792
- Size
  
  5.9MB
- MD5
  
  924a8842dc173cb74872a5a215d1dd4d
- SHA1
  
  de08c5e3e5e98af24444fc567c7a08c43a021dee
- SHA256
  
  07da9675d3bc10b24556f52d6367cd6ececa1a82c3b9ba4e32c8b98c38f7d792
- SHA512
  
  eb31f117a86a4fc6606489bb818f124d16c572d54b542ee5947193218435cbe9d2fb37511e9c0666b2fe49ed6636e5b3e5f6c4c07b10930c2802c75d3569686c
Score

10^/10

danabot 3 banker discovery spyware stealer suricata trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- suricata: ET MALWARE Danabot Key Exchange Request
  suricata: ET MALWARE Danabot Key Exchange Request
  suricata
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabot3bankerdiscoveryspywarestealersuricatatrojan

behavioral2

danabot3bankerdiscoveryspywarestealersuricatatrojan