danabot | 039d264f6276dcbde5ddcc40808ccc215a914cbd0bbcc67e317d9cb92d7b9020 | Triage

Submit
Reports

Overview

overview

Static

static

6sqtt_0707...44.vbs

windows7_x64

6sqtt_0707...44.vbs

windows10-2004_x64

Sharing

General

Target

6sqtt_07072022_103144.vbs
Size

8KB
Sample

220709-hgb2fscecm
MD5

6ebff0e37948aa39e62905c59795ab31
SHA1

985d46dce1d208445d3e54be9ce8a6d2e7843823
SHA256

039d264f6276dcbde5ddcc40808ccc215a914cbd0bbcc67e317d9cb92d7b9020
SHA512

fe4440f7824017317b74974b318a58251ed6756049cfd05de9dda5d9b379ba6dd637e59fee3ca996712ae3442cdd54fd190cf208ad20d92a4c5a67111b7d78e6

Score

10^/10

danabot banker collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6sqtt_07072022_103144.vbs

Resource

win7-20220414-en

danabot banker discovery trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6sqtt_07072022_103144.vbs

Resource

win10v2004-20220414-en

danabot banker collection discovery spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

100.0.0.0:5148

58.50.42.34:13886

26.18.10.2:5662

60.52.44.36:14400

Attributes

embedded_hash
zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
type
loader

Targets

- Target
  
  6sqtt_07072022_103144.vbs
- Size
  
  8KB
- MD5
  
  6ebff0e37948aa39e62905c59795ab31
- SHA1
  
  985d46dce1d208445d3e54be9ce8a6d2e7843823
- SHA256
  
  039d264f6276dcbde5ddcc40808ccc215a914cbd0bbcc67e317d9cb92d7b9020
- SHA512
  
  fe4440f7824017317b74974b318a58251ed6756049cfd05de9dda5d9b379ba6dd637e59fee3ca996712ae3442cdd54fd190cf208ad20d92a4c5a67111b7d78e6
Score

10^/10

danabot banker discovery trojan collection spyware stealer
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankerdiscoverytrojan

behavioral2

danabotbankercollectiondiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy