danabot | 2b524898db45a552df6f133a75176ae35b3037515a807d99bbc8debf174f3aa0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

Copy URL Twitter E-mail

General

Target

2b524898db45a552df6f133a75176ae35b3037515a807d99bbc8debf174f3aa0
Size

2.5MB
Sample

220910-y666wsecfl
MD5

4a1fa9f2b66e78715e321c7082f04114
SHA1

ba409290c92ccc69842e22f8b4848510b24c2a19
SHA256

2b524898db45a552df6f133a75176ae35b3037515a807d99bbc8debf174f3aa0
SHA512

093c28badea2c189106faba7bd9b7a28c657405820bd74c7db1464353e29639deff6a3b11271bd4e59bbb12d0fa5eb21a2e3ef4a735a88428d53c2f69f6bcc6e
SSDEEP

49152:KEVq87OqihTIn+0ZsfY0FwYJ49x+sp+wkuRJDu/Q34Sc:hVjOgp0X49NUCJDEQ

Score

10^/10

danabot banker collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

2b524898db45a552df6f133a75176ae35b3037515a807d99bbc8debf174f3aa0.exe

Resource

win10-20220812-en

danabot banker collection discovery spyware stealer trojan

windows10-1703-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

153.92.223.225:443

198.15.112.179:443

185.62.56.245:443

66.85.147.23:443

Attributes

embedded_hash
61A1CB063216C13FFD2E15D7F3F515E2
type
loader

Targets

- Target
  
  2b524898db45a552df6f133a75176ae35b3037515a807d99bbc8debf174f3aa0
- Size
  
  2.5MB
- MD5
  
  4a1fa9f2b66e78715e321c7082f04114
- SHA1
  
  ba409290c92ccc69842e22f8b4848510b24c2a19
- SHA256
  
  2b524898db45a552df6f133a75176ae35b3037515a807d99bbc8debf174f3aa0
- SHA512
  
  093c28badea2c189106faba7bd9b7a28c657405820bd74c7db1464353e29639deff6a3b11271bd4e59bbb12d0fa5eb21a2e3ef4a735a88428d53c2f69f6bcc6e
- SSDEEP
  
  49152:KEVq87OqihTIn+0ZsfY0FwYJ49x+sp+wkuRJDu/Q34Sc:hVjOgp0X49NUCJDEQ
Score

10^/10

danabot banker collection discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankercollectiondiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy