General

  • Target

    3e2672a2317672593f579398b10f2128bd299fb259c3c92ad57091f22f0bacc5

  • Size

    364KB

  • Sample

    220701-qhc9xadgcn

  • MD5

    399be6621b6c278df5b3dd72f82307a3

  • SHA1

    72cc89d1b4697eb32062ca8b7594c4520c0e0bbe

  • SHA256

    3e2672a2317672593f579398b10f2128bd299fb259c3c92ad57091f22f0bacc5

  • SHA512

    bd6011d08ea9cff78ef114f29ee7eb4e759afdfc3d75c966cb56a1e3f085e1da0e334170fc04a730d9527d77e792892c42f51d7a10d44557f5f771aa0779a429

Malware Config

Extracted

Family

danabot

C2


rsa_pubkey.plain

Targets

    • Target

      00192038_00192.scr

    • Size

      453KB

    • MD5

      aa0ceac2adff012dc0ba93e1c5bb72ab

    • SHA1

      31ff6c14bf11786d3084cf569669a0af457d1084

    • SHA256

      864b7f9f0446958428151bdffbfeb3ce566a1b82ca87b4abeb8e75e1e36f39ac

    • SHA512

      36200bb05b1dc97b0e6bc17a0add145fa3600f18e701ed568f28c09a19c15e7a4820f37161831450d50ab7be9f232da2fdac5b6f70c069cd0e1003af0570e6e0

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL
