danabot | 46478b9d9f1a0eddae3c3c94738b505c7d45aed0ed19051b6883186c77259f2a | Triage

Sharing

General

Target

46478b9d9f1a0eddae3c3c94738b505c7d45aed0ed19051b6883186c77259f2a
Size

2.1MB
Sample

220707-k8dqgacfa7
MD5

0b072c181052f04bedcb5080842f3766
SHA1

d9e57acf3c5343b4fdd6b9b1277e0474e5c3a83c
SHA256

46478b9d9f1a0eddae3c3c94738b505c7d45aed0ed19051b6883186c77259f2a
SHA512

9ce1af9395ae5192b320e7664088cf7bc08eb2e289e1febc2552650c432f847ce087c50a360c8be5658d2ae3acef2207d4a5ed2a37c5ce70c1f22258bbd57a93

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

181.63.44.194

207.148.83.108

45.77.40.71

87.115.138.169

24.229.48.7

116.111.206.27

45.196.143.203

218.65.3.199

131.59.110.186

113.81.97.96

rsa_pubkey.plain

Targets

- Target
  
  CRA_INV_2019_148625782140/CRA_INV_2019_148625782140.vbs
- Size
  
  23.7MB
- MD5
  
  611c2bf7aa7bb62e90f3a92f3682c0b5
- SHA1
  
  4a863046a56c0582ac43acabd7f465c725392799
- SHA256
  
  f74001bcf33072d683af2fcd20b1e0f1902b86a33898b37df1f364c31136a4ee
- SHA512
  
  24adbc4cf7ebed6ac6f5a9a08396d41af15f1d6586890d43be40dd6220f746bcd8ebf2d6bee4a8632a406842e8ece0afff4dfde2e58aabedd19ea15ee3984c60
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan