danabot | 06ea48657f7e9f20bb7a3099f073b9fbe54d4f46c9829024ffd2ebbd066e060f | Triage

Submit
Reports

Overview

overview

Static

static

06ea48657f...0f.exe

windows7_x64

06ea48657f...0f.exe

windows10-2004_x64

Sharing

General

Target

06ea48657f7e9f20bb7a3099f073b9fbe54d4f46c9829024ffd2ebbd066e060f
Size

889KB
Sample

220531-em6lgaheeq
MD5

6b87be2e72a0bdd6c211fc414a5c1a4b
SHA1

069bad49436fc6fbc426f261e0292e021ba4cd3d
SHA256

06ea48657f7e9f20bb7a3099f073b9fbe54d4f46c9829024ffd2ebbd066e060f
SHA512

773fd3105da366a905841e3065973f76ff7b0ce98a990cd8c6173d9617473dd9485596a4be9d943a7ad4e3f0afedc368b6d21d9d6066a915adfa39b4cccc1a04

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

06ea48657f7e9f20bb7a3099f073b9fbe54d4f46c9829024ffd2ebbd066e060f.exe

Resource

win7-20220414-en

danabot banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

06ea48657f7e9f20bb7a3099f073b9fbe54d4f46c9829024ffd2ebbd066e060f.exe

Resource

win10v2004-20220414-en

danabot banker botnet trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

66.165.187.11

5.188.86.20

146.229.67.12

63.52.107.167

236.45.221.28

227.169.205.146

149.154.159.213

72.184.122.49

114.26.195.117

154.94.158.126

rsa_pubkey.plain

Targets

- Target
  
  06ea48657f7e9f20bb7a3099f073b9fbe54d4f46c9829024ffd2ebbd066e060f
- Size
  
  889KB
- MD5
  
  6b87be2e72a0bdd6c211fc414a5c1a4b
- SHA1
  
  069bad49436fc6fbc426f261e0292e021ba4cd3d
- SHA256
  
  06ea48657f7e9f20bb7a3099f073b9fbe54d4f46c9829024ffd2ebbd066e060f
- SHA512
  
  773fd3105da366a905841e3065973f76ff7b0ce98a990cd8c6173d9617473dd9485596a4be9d943a7ad4e3f0afedc368b6d21d9d6066a915adfa39b4cccc1a04
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy