danabot | 68027593e9c91fe4f0e1412ed861dcd1d70b4bf1e101d907fd32d58fa95d3c04 | Triage

Submit
Reports

Overview

overview

Static

static

C88E21014F...DB.dll

windows7_x64

C88E21014F...DB.dll

windows10-2004_x64

Sharing

General

Target

C88E21014F321E99295005388B9016DB.bin
Size

2.6MB
Sample

220709-jnnt9sfee9
MD5

a114d7b1a54be867c02afced9031fb36
SHA1

5d1085a73bcb42afbe71c298ad0d2b0b304d5b2b
SHA256

68027593e9c91fe4f0e1412ed861dcd1d70b4bf1e101d907fd32d58fa95d3c04
SHA512

1fb96b51340e619ab2f62f3a2b2d009061198a7b300292363dedfa91ea58fc18929d33510e3648f3c78f69b8dfa5b1af66677cb352fdaa1ffc50f8403c0f389a

Score

10^/10

danabot banker collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

C88E21014F321E99295005388B9016DB.dll

Resource

win7-20220414-en

danabot banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

C88E21014F321E99295005388B9016DB.dll

Resource

win10v2004-20220414-en

danabot banker collection discovery spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

danabot

C2

5.39.222.5:443

5.39.222.7:443

139.60.163.160:443

139.60.163.37:443

Attributes

embedded_hash
A128532C2B6B13F149C953BA34A9F24D
type
loader

Targets

- Target
  
  C88E21014F321E99295005388B9016DB.bin
- Size
  
  2.6MB
- MD5
  
  a114d7b1a54be867c02afced9031fb36
- SHA1
  
  5d1085a73bcb42afbe71c298ad0d2b0b304d5b2b
- SHA256
  
  68027593e9c91fe4f0e1412ed861dcd1d70b4bf1e101d907fd32d58fa95d3c04
- SHA512
  
  1fb96b51340e619ab2f62f3a2b2d009061198a7b300292363dedfa91ea58fc18929d33510e3648f3c78f69b8dfa5b1af66677cb352fdaa1ffc50f8403c0f389a
Score

10^/10

danabot banker trojan collection discovery spyware stealer
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankercollectiondiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy