General

  • Target

    35379405458f08be8afec4ffd8dda80be6234a9c636fc067b86c9ae49a13f117

  • Size

    2.1MB

  • Sample

    220619-w3s4raahd3

  • MD5

    1d6f0d35867605b8bdcc35ac82ab5583

  • SHA1

    1a884c19b7f9111a0bf1a63410b67fce3f6a0c1b

  • SHA256

    35379405458f08be8afec4ffd8dda80be6234a9c636fc067b86c9ae49a13f117

  • SHA512

    7aa99fc795e54705ca9a06e662a97457884c19dbd778e585e7ba18fbf0f1ba29fd163e2cf23188e743ca07358454585088bd794f1976212c853835e134b5d1b1

Score
10/10

Malware Config

Extracted

Family

danabot

C2

rsa_pubkey.plain

Targets

    • Target

      CRA_INV_2019_365321426273/CRA_INV_2019_365321426273.vbs

    • Size

      23.7MB

    • MD5

      611c2bf7aa7bb62e90f3a92f3682c0b5

    • SHA1

      4a863046a56c0582ac43acabd7f465c725392799

    • SHA256

      f74001bcf33072d683af2fcd20b1e0f1902b86a33898b37df1f364c31136a4ee

    • SHA512

      24adbc4cf7ebed6ac6f5a9a08396d41af15f1d6586890d43be40dd6220f746bcd8ebf2d6bee4a8632a406842e8ece0afff4dfde2e58aabedd19ea15ee3984c60

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

1
T1082
