General

  • Target

    68EE7EE7983F90BCBAE20FB9EA3A46DD25BED22A89F8B.exe

  • Size

    3.9MB

  • Sample

    220625-vtn8rsfcd6

  • MD5

    62b0fc496f6adea7a67a190ad894860e

  • SHA1

    de684df44e9cb64985ecdb18a2f6dd99c87b0862

  • SHA256

    68ee7ee7983f90bcbae20fb9ea3a46dd25bed22a89f8b21515a3460bbd8cb78e

  • SHA512

    48a4b01a5b559326b8fa51a074373e4b24511f51ca54a08ec5331ec8376249b77966dee698ed9ddd453e2062e586c0ec02be48bd13b1819583a3984c1645de0e

Malware Config

Extracted

Family

danabot

Version

1755

Botnet

3

C2

192.236.192.241:443

134.119.186.199:443

193.34.167.163:443

192.236.192.238:443

Attributes

  • embedded_hash

    82C66843DE542BC5CB88F713DE39B52B

  • type

    main

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • suricata: ET MALWARE Danabot Key Exchange Request

      suricata: ET MALWARE Danabot Key Exchange Request

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix ATT&CK v6

  • Credential Access

    Credentials in Files (1) - T1081

  • Discovery

    Query Registry (1) - T1012

  • Collection

    Data from Local System (1) - T1005
