danabot | fd5a5244b9ef64a3d2dfce8fae35bf6be327c709a3f3ac05dea58b9aa8eb8894 | Triage

Sharing

General

Target

fd5a5244b9ef64a3d2dfce8fae35bf6be327c709a3f3ac05dea58b9aa8eb8894
Size

197KB
Sample

220924-yxhryabhd8
MD5

0b7bf3ba6deb48b2e850df1164806016
SHA1

445a721acd83c21d6528302fd00bc878a7af1af2
SHA256

fd5a5244b9ef64a3d2dfce8fae35bf6be327c709a3f3ac05dea58b9aa8eb8894
SHA512

8588032b24daa25b6300536f7d532b32dd26faa75ebbd0714191fe60975d41d0cf4bdd92ec2c00bc6a92a43dbaca6729c8af83d396fed8d4c310502674386d87
SSDEEP

3072:+lyMELf455OA5WTxIax4XZASVcA810pELBBVKNTDKH/PkkXx:nLC5eTxIaxOAYfi0m/VKNTu

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Targets

- Target
  
  fd5a5244b9ef64a3d2dfce8fae35bf6be327c709a3f3ac05dea58b9aa8eb8894
- Size
  
  197KB
- MD5
  
  0b7bf3ba6deb48b2e850df1164806016
- SHA1
  
  445a721acd83c21d6528302fd00bc878a7af1af2
- SHA256
  
  fd5a5244b9ef64a3d2dfce8fae35bf6be327c709a3f3ac05dea58b9aa8eb8894
- SHA512
  
  8588032b24daa25b6300536f7d532b32dd26faa75ebbd0714191fe60975d41d0cf4bdd92ec2c00bc6a92a43dbaca6729c8af83d396fed8d4c310502674386d87
- SSDEEP
  
  3072:+lyMELf455OA5WTxIax4XZASVcA810pELBBVKNTDKH/PkkXx:nLC5eTxIaxOAYfi0m/VKNTu
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan