danabot | aa85ca0ec4cfec785dc63d1668f91a91779cb708222928e295bfd8b7e54aab88 | Triage

Sharing

General

Target

aa85ca0ec4cfec785dc63d1668f91a91779cb708222928e295bfd8b7e54aab88
Size

201KB
Sample

220924-ek3rssaed2
MD5

3e04a5b2e4999590c8eb8907103038c1
SHA1

66a56a94fc752d6752c2a66f05610f9527de575b
SHA256

aa85ca0ec4cfec785dc63d1668f91a91779cb708222928e295bfd8b7e54aab88
SHA512

40d21c4638d906b007d39b0648282817ff965d14a8366f6547e18c333a79a331001f27cb0c78556b077b1240679f9ca3cafb91a2282243d922472ddbe2a8d5ac
SSDEEP

3072:gwnkOHpaJLI/GHz85T9Bl7D4QhMNyCm3R4EyoNnH+BZPr/m/Pkj4x:guQLxHUBl7D4QhTCmCEZNA

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Targets

- Target
  
  aa85ca0ec4cfec785dc63d1668f91a91779cb708222928e295bfd8b7e54aab88
- Size
  
  201KB
- MD5
  
  3e04a5b2e4999590c8eb8907103038c1
- SHA1
  
  66a56a94fc752d6752c2a66f05610f9527de575b
- SHA256
  
  aa85ca0ec4cfec785dc63d1668f91a91779cb708222928e295bfd8b7e54aab88
- SHA512
  
  40d21c4638d906b007d39b0648282817ff965d14a8366f6547e18c333a79a331001f27cb0c78556b077b1240679f9ca3cafb91a2282243d922472ddbe2a8d5ac
- SSDEEP
  
  3072:gwnkOHpaJLI/GHz85T9Bl7D4QhMNyCm3R4EyoNnH+BZPr/m/Pkj4x:guQLxHUBl7D4QhTCmCEZNA
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan