danabot | b042f121f497e12dec719011bcfac3357f662d8412c1960d3599293eb0051543 | Triage

Sharing

General

Target

b042f121f497e12dec719011bcfac3357f662d8412c1960d3599293eb0051543
Size

197KB
Sample

220925-bybzfscfh4
MD5

c0c84e5c6c1b09b5a987bff067aa29dd
SHA1

d258b9984f0e13434d1cb337b8d9f53d5e29b4b3
SHA256

b042f121f497e12dec719011bcfac3357f662d8412c1960d3599293eb0051543
SHA512

e1c82276d5fc42a905aca9dbcdc03be434b9f418fa6457588ed0f9442d6dd56aabf66a02f54cfb219cb518e8a5d00149e354406c9e7ede74f80c387d3fa8a313
SSDEEP

3072:fbcAgLgJLGA4N5fi2x7iZin/RoJT3sYlBnnE8T/PkkXx:ILo5OLxmZM/RoJT8C

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Targets

- Target
  
  b042f121f497e12dec719011bcfac3357f662d8412c1960d3599293eb0051543
- Size
  
  197KB
- MD5
  
  c0c84e5c6c1b09b5a987bff067aa29dd
- SHA1
  
  d258b9984f0e13434d1cb337b8d9f53d5e29b4b3
- SHA256
  
  b042f121f497e12dec719011bcfac3357f662d8412c1960d3599293eb0051543
- SHA512
  
  e1c82276d5fc42a905aca9dbcdc03be434b9f418fa6457588ed0f9442d6dd56aabf66a02f54cfb219cb518e8a5d00149e354406c9e7ede74f80c387d3fa8a313
- SSDEEP
  
  3072:fbcAgLgJLGA4N5fi2x7iZin/RoJT3sYlBnnE8T/PkkXx:ILo5OLxmZM/RoJT8C
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan