danabot | 2aa813e888606a1acab6e89ea886c993d448f1ae97a0f46fb8cc670decc850f1 | Triage

Submit
Reports

Overview

overview

Static

static

2aa813e888...f1.exe

windows7_x64

2aa813e888...f1.exe

windows10-2004_x64

Sharing

General

Target

2aa813e888606a1acab6e89ea886c993d448f1ae97a0f46fb8cc670decc850f1
Size

890KB
Sample

220615-fg6jysdger
MD5

7c0cae1c4eb0e3633d5b4e7fe2be525f
SHA1

00b865b9d5178d72ecc03c0462800a4b8e7e93ef
SHA256

2aa813e888606a1acab6e89ea886c993d448f1ae97a0f46fb8cc670decc850f1
SHA512

8a0d2db90ed27fb3eb1747c6d9d4505d64eb67a6f3db9ab25756b22f86e08407a6d28a60cea8c49aeb3e1e5178acc4f0d899a2a1582a88b7ccc9b9c2a9f6d55f

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

2aa813e888606a1acab6e89ea886c993d448f1ae97a0f46fb8cc670decc850f1.exe

Resource

win7-20220414-en

danabot banker botnet trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2aa813e888606a1acab6e89ea886c993d448f1ae97a0f46fb8cc670decc850f1.exe

Resource

win10v2004-20220414-en

danabot banker botnet trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

224.233.78.25

56.240.227.37

96.59.105.177

253.78.52.99

149.154.159.213

89.217.209.119

195.123.220.45

177.223.102.4

6.164.247.12

250.48.199.39

rsa_pubkey.plain

Targets

- Target
  
  2aa813e888606a1acab6e89ea886c993d448f1ae97a0f46fb8cc670decc850f1
- Size
  
  890KB
- MD5
  
  7c0cae1c4eb0e3633d5b4e7fe2be525f
- SHA1
  
  00b865b9d5178d72ecc03c0462800a4b8e7e93ef
- SHA256
  
  2aa813e888606a1acab6e89ea886c993d448f1ae97a0f46fb8cc670decc850f1
- SHA512
  
  8a0d2db90ed27fb3eb1747c6d9d4505d64eb67a6f3db9ab25756b22f86e08407a6d28a60cea8c49aeb3e1e5178acc4f0d899a2a1582a88b7ccc9b9c2a9f6d55f
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy