danabot | 490023fafc0631851361ebcdd71be6e81579613114b5befec4b5c2bb60704ff9 | Triage

Sharing

General

Target

490023fafc0631851361ebcdd71be6e81579613114b5befec4b5c2bb60704ff9
Size

2.1MB
Sample

220714-bkjgdafber
MD5

8199ade1144dad826ef6921bb2500667
SHA1

70c322b6c4d3853807520ae9137c34022cb5d0d7
SHA256

490023fafc0631851361ebcdd71be6e81579613114b5befec4b5c2bb60704ff9
SHA512

c3dbabf46a80e06462aa78a53f20d0b9e081b4c1891534290ba3de735b87cea58e6c920fd4a27f64bb40aa3eeb4f709a2dab1b8746aa63f592e8ad7e6edfb087

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

181.63.44.194

207.148.83.108

45.77.40.71

87.115.138.169

24.229.48.7

116.111.206.27

45.196.143.203

218.65.3.199

131.59.110.186

113.81.97.96

rsa_pubkey.plain

Targets

- Target
  
  CRA_INV_2019_809994565654/CRA_INV_2019_809994565654.vbs
- Size
  
  24.2MB
- MD5
  
  3818ef620d826c62136f450c32429ae5
- SHA1
  
  1297b772ec42586ce1c6db624e8948cbe265710d
- SHA256
  
  38c668144becb1199196394ad78df6694c86597a283aea61bd036dc1da2eef62
- SHA512
  
  9789441d9a76f62213ce9889422241c6732ec21ab4ddfff4b596136d327d393c03f8c2f0973b07fd88c7d21c1149d1418d3c153b6b802562ad4b9035ebe78c00
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan