danabot | 47a76fcca7a16b5df3247af6445add83cf50cfe12fffa53bfba37e2079d5a7d7 | Triage

Sharing

General

Target

47a76fcca7a16b5df3247af6445add83cf50cfe12fffa53bfba37e2079d5a7d7
Size

2.1MB
Sample

220714-gn8tbsghcj
MD5

dab55f2f947137768b146dd7b1ad14b0
SHA1

6105e216ea30f15ed9378ea8a5a229166f7c9685
SHA256

47a76fcca7a16b5df3247af6445add83cf50cfe12fffa53bfba37e2079d5a7d7
SHA512

c2f1592cbdd1ea4c7dd816db258d09ec2ca2e542e40a988e257863731e08a7b1defbcd3b054fb666afa00bfa6f62e0c5c8405fc25f841095a0932ef0f28bbc6a

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

181.63.44.194

207.148.83.108

45.77.40.71

87.115.138.169

24.229.48.7

116.111.206.27

45.196.143.203

218.65.3.199

131.59.110.186

113.81.97.96

rsa_pubkey.plain

Targets

- Target
  
  CRA_INV_2019_971532009702/CRA_INV_2019_971532009702.vbs
- Size
  
  22.6MB
- MD5
  
  5d970965b78013545a9c0d32eb10ee61
- SHA1
  
  29c055edc3c0de81add7741034f2aa8f038bc638
- SHA256
  
  50b32f4330ee0822a8010830064aaae8d58a32e556cf77e4dcb624e640ec2234
- SHA512
  
  a4a344f279c156edc1ed6d5c072962006ab84781f9ed5e3b718d94559c3fb6b6dcdf429020a1458528edd957334c718c7fe641117b5f50fad4a2d18ec5b723a5
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan