General

  • Target

    dana.vbs

  • Size

    1.4MB

  • Sample

    220820-v6x2fahcf3

  • MD5

    a044c72c7f6f03fcacdd752412a03c1f

  • SHA1

    bc48611b299c90d14d2847ce201fea2bb15e9a08

  • SHA256

    6ac20d40a2425f1366ca2f69953f15c374b010d3738b4a430cb6f3935ef3c7c1

  • SHA512

    547a89a9ea81df9527b74cbb1715d32dfc74a9b43b9e107edaea2f686c8d4a3728360b57aaa7fdc461eb3addd6e82037e6ba44e61645adfb41d802972f2eb8e2

  • SSDEEP

    6144:M3oFMTG9dBGc8hR7/1Cs95L+qbDBdmoAcT:M3dxZt

Malware Config

Extracted

Family

danabot

C2

rsa_pubkey.plain

Targets

    • Target

      dana.vbs

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
