Overview

overview

10

Static

static

CRA_INV_20...06.vbs

windows7-x64

10

CRA_INV_20...06.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5f801d5aa6e0ffcf00c6d7489804be02c8fcede6be789d1c650f6f59ba1bfae0

  • Size

    2.1MB

  • Sample

    220731-np187sfcej

  • MD5

    592dfc6fbc84598aa23fa121de6287a5

  • SHA1

    6d3688a452e173a50c7ade28ef07b4d8a3f2b720

  • SHA256

    5f801d5aa6e0ffcf00c6d7489804be02c8fcede6be789d1c650f6f59ba1bfae0

  • SHA512

    ab6173b357420214db640315b8616df3dc38948ec14ebedb6f9e609168c9726c09b5d6db053f34cc6c0e67487e3170b5fd259b58de93d7bb70b5dcb943cf9b85

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

181.63.44.194

207.148.83.108

45.77.40.71

87.115.138.169

24.229.48.7

116.111.206.27

45.196.143.203

218.65.3.199

131.59.110.186

113.81.97.96
rsa_pubkey.plain

Targets

    • Target

      CRA_INV_2019_541101959306/CRA_INV_2019_541101959306.vbs

    • Size

      23.7MB

    • MD5

      611c2bf7aa7bb62e90f3a92f3682c0b5

    • SHA1

      4a863046a56c0582ac43acabd7f465c725392799

    • SHA256

      f74001bcf33072d683af2fcd20b1e0f1902b86a33898b37df1f364c31136a4ee

    • SHA512

      24adbc4cf7ebed6ac6f5a9a08396d41af15f1d6586890d43be40dd6220f746bcd8ebf2d6bee4a8632a406842e8ece0afff4dfde2e58aabedd19ea15ee3984c60

    Score
    10/10
    danabotbankertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks