danabot

General

Target

3DB3FA9C6911D2585A4DE4AEE63A9755639F20EBDD732.exe
Size

5.9MB
Sample

220716-we61psebel
MD5

0148d6c2e66d6bbe2fba2d3a8519062d
SHA1

065ec47b9e8d70f1b9bcf8059243821015cc2d5e
SHA256

3db3fa9c6911d2585a4de4aee63a9755639f20ebdd7322ace60326b2ea04cb23
SHA512

27644be3d4a9055dd9bab7011e218b02a7a9d4ea8dc38c00f66fca75578d2903744571c1c39a83a2985e4d6d45460ceeda8b7234180a2a0e7676b6d9821e25f2

Score

10^/10

danabot 3 banker discovery spyware stealer suricata trojan

Malware Config

Extracted

Family

danabot

Version

1765

Botnet

3

C2

142.44.224.16:443

193.34.167.88:443

192.236.146.203:443

192.3.26.107:443

Attributes

embedded_hash
B2585F6479280F48B64C99F950BBF36D
type
main

rsa_pubkey.plain

Targets

- Target
  
  3DB3FA9C6911D2585A4DE4AEE63A9755639F20EBDD732.exe
- Size
  
  5.9MB
- MD5
  
  0148d6c2e66d6bbe2fba2d3a8519062d
- SHA1
  
  065ec47b9e8d70f1b9bcf8059243821015cc2d5e
- SHA256
  
  3db3fa9c6911d2585a4de4aee63a9755639f20ebdd7322ace60326b2ea04cb23
- SHA512
  
  27644be3d4a9055dd9bab7011e218b02a7a9d4ea8dc38c00f66fca75578d2903744571c1c39a83a2985e4d6d45460ceeda8b7234180a2a0e7676b6d9821e25f2
Score

10^/10

danabot 3 banker discovery spyware stealer suricata trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- suricata: ET MALWARE Danabot Key Exchange Request
  suricata: ET MALWARE Danabot Key Exchange Request
  suricata
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Query Registry

2

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Danabot Key Exchange Request

Blocklisted process makes network request

Deletes itself

Loads dropped DLL

Reads user/profile data of web browsers

Checks installed software on the system

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2