danabot | 284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc | Triage

Submit
Reports

Overview

overview

Static

static

284eb686af...fc.exe

windows7_x64

8

284eb686af...fc.exe

windows10-2004_x64

Sharing

General

Target

284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc
Size

1.0MB
Sample

220627-jqjy4abfc6
MD5

ba55442cdf361e070f7ca8a07046cd38
SHA1

e61d143672c9bad99472aa885003a20574eddf32
SHA256

284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc
SHA512

a6e1669bf9a159d3d36aa24e7210854667c144f0f34c7d38fb6c2848d1687964c7d48d7760f99898eb4eb8d8eebf1be595890e80273c7d4326069c2a9d13feff

Score

10^/10

danabot 3829762824 banker collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc.exe

Resource

win10v2004-20220414-en

danabot 3829762824 banker collection discovery spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

100.0.0.0:5148

58.50.42.34:13886

26.18.10.2:5662

60.52.44.36:14400

Attributes

embedded_hash
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
type
loader

Extracted

Family

danabot

Botnet

3829762824

C2

0.0.233.180:63873

0.0.0.235:0

115.139.85.12:17803

51.201.138.10:3141

Attributes

embedded_hash
s�t�e�m�.�I�d�e�n�t�i�t�y�M�o�d�
type
loader

Targets

- Target
  
  284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc
- Size
  
  1.0MB
- MD5
  
  ba55442cdf361e070f7ca8a07046cd38
- SHA1
  
  e61d143672c9bad99472aa885003a20574eddf32
- SHA256
  
  284eb686af9cb14c8176f47708136a9643af1b5c5102b61737735c6a04bef4fc
- SHA512
  
  a6e1669bf9a159d3d36aa24e7210854667c144f0f34c7d38fb6c2848d1687964c7d48d7760f99898eb4eb8d8eebf1be595890e80273c7d4326069c2a9d13feff
Score

10^/10

danabot 3829762824 banker collection discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

danabot3829762824bankercollectiondiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy