danabot | c8f1ec2ef618dfcd254f5a9e397b70644b3ba070f0c327bae20a3054df0021c0 | Triage

Sharing

General

Target

c8f1ec2ef618dfcd254f5a9e397b70644b3ba070f0c327bae20a3054df0021c0
Size

6.4MB
Sample

220913-zch3msgeg4
MD5

37280de8b448ed3a4358120a40b42872
SHA1

b05209c3bcaac611763369416a18c4b8406c4fa1
SHA256

c8f1ec2ef618dfcd254f5a9e397b70644b3ba070f0c327bae20a3054df0021c0
SHA512

807ba5962fd16b0700121f70a948257e8602a2b7f15f74e871253fc8571e36900915eeecdddab2a3c26364ab9369b2c4386fbb7e2f3135641ef8f1df4784d74c
SSDEEP

98304:zG5fSXz5F5x+3rUQ4Qljsq75Pm9tli8VSP6W:zKfSlLsVPm9tlJW

Score

10^/10

danabot 3 banker trojan

Malware Config

Extracted

Family

danabot

Version

1765

Botnet

3

C2

192.236.146.203:443

192.161.48.5:443

192.236.162.42:443

192.3.26.98:443

Attributes

embedded_hash
B2585F6479280F48B64C99F950BBF36D
type
main

rsa_pubkey.plain

rsa_pubkey.plain

Targets

- Target
  
  c8f1ec2ef618dfcd254f5a9e397b70644b3ba070f0c327bae20a3054df0021c0
- Size
  
  6.4MB
- MD5
  
  37280de8b448ed3a4358120a40b42872
- SHA1
  
  b05209c3bcaac611763369416a18c4b8406c4fa1
- SHA256
  
  c8f1ec2ef618dfcd254f5a9e397b70644b3ba070f0c327bae20a3054df0021c0
- SHA512
  
  807ba5962fd16b0700121f70a948257e8602a2b7f15f74e871253fc8571e36900915eeecdddab2a3c26364ab9369b2c4386fbb7e2f3135641ef8f1df4784d74c
- SSDEEP
  
  98304:zG5fSXz5F5x+3rUQ4Qljsq75Pm9tli8VSP6W:zKfSlLsVPm9tlJW
Score

10^/10

danabot 3 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot3bankertrojan

behavioral2