danabot | 1786eeaf18edf62b9e6f500924f673494bba309f29d092a86cb57db5e9e6e5e5 | Triage

Sharing

General

Target

1786eeaf18edf62b9e6f500924f673494bba309f29d092a86cb57db5e9e6e5e5
Size

2.1MB
Sample

220608-zfwg5sgcgj
MD5

07e5651d1ad59245b06802ae3d1cce59
SHA1

80a5d6fb874ad72f2353affa4c805d87588ddeb3
SHA256

1786eeaf18edf62b9e6f500924f673494bba309f29d092a86cb57db5e9e6e5e5
SHA512

39429c2b5f39dab9afb4a1f6ca4032b6f14a192dc89ea8717b5739676377e99449a2b49e6702d100d12a0a5d36967f04cd70bc14e5fdb27fd9c6160c87e4cbd5

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

181.63.44.194

207.148.83.108

45.77.40.71

87.115.138.169

24.229.48.7

116.111.206.27

45.196.143.203

218.65.3.199

131.59.110.186

113.81.97.96

rsa_pubkey.plain

Targets

- Target
  
  CRA_INV_2019_355240142932/CRA_INV_2019_355240142932.vbs
- Size
  
  24.3MB
- MD5
  
  350e751bb68ade139e174d65008eebe0
- SHA1
  
  f235f388686573edd1475f337c9b5b34afd4b9e1
- SHA256
  
  d39e3c62fb0b70846240f3d73a3885d5024eebcc9e61fa77f5ebbb450fbf7620
- SHA512
  
  3b34c36fd8e2e9b83150cfe652bc34c615b0017174f35d4ba2513d63b73aa51ae75c928f7e6307bd29d9adeb3222cb6ba8f19c0feeab53d2cf2f66ca43394f47
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan