Overview

overview

10

Static

static

8

C4BA15D516...46.exe

windows7_x64

10

C4BA15D516...46.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    C4BA15D516F167A6DBCBA5DE62B0ADB3E6F928A9CF746.exe

  • Size

    4.4MB

  • Sample

    220625-s8rlbscffk

  • MD5

    2820526d4b78eb0f74e15f2755bf11a2

  • SHA1

    282330102009652ba0a20de22617bf0cba352766

  • SHA256

    c4ba15d516f167a6dbcba5de62b0adb3e6f928a9cf746e7eb1ed5eb8bc852db2

  • SHA512

    fd0a9679cd82d5cb056d3dbd938877bf996bdee74bc8708f582e212d43305fdf75971cb1669e20d2f3c8e03be893f5c03b0b4577292b6a81486d1bb1e07fd44e

Score
10/10
danabot3bankerdiscoveryspywarestealersuricatatrojanupx

Malware Config

Extracted

Family

danabot

Version

1732

Botnet

3

C2

23.106.122.10:443

193.34.167.163:443

192.236.192.241:443

192.236.192.238:443
Attributes
  • embedded_hash

    CF4A570E177DE0D08BB5A391C595CBD7

  • type

    main

rsa_pubkey.plain
rsa_pubkey.plain

Targets

    • Target

      C4BA15D516F167A6DBCBA5DE62B0ADB3E6F928A9CF746.exe

    • Size

      4.4MB

    • MD5

      2820526d4b78eb0f74e15f2755bf11a2

    • SHA1

      282330102009652ba0a20de22617bf0cba352766

    • SHA256

      c4ba15d516f167a6dbcba5de62b0adb3e6f928a9cf746e7eb1ed5eb8bc852db2

    • SHA512

      fd0a9679cd82d5cb056d3dbd938877bf996bdee74bc8708f582e212d43305fdf75971cb1669e20d2f3c8e03be893f5c03b0b4577292b6a81486d1bb1e07fd44e

    Score
    10/10
    danabot3bankerdiscoveryspywarestealersuricatatrojanupx

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • suricata: ET MALWARE Danabot Key Exchange Request

      suricata: ET MALWARE Danabot Key Exchange Request

      suricata

    • Blocklisted process makes network request

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks