danabot | e5b9ace672dd8021ba842d3c3db19d08499730632902910c8f74fc884513e51b | Triage

Submit
Reports

Overview

overview

Static

static

a492ac51eb...ee.exe

windows7-x64

a492ac51eb...ee.exe

windows10-2004-x64

Sharing

General

Target

a492ac51eb8bb67946e1f1bc6b0a20ee.exe
Size

1.3MB
Sample

220925-v3p7esfeg7
MD5

a492ac51eb8bb67946e1f1bc6b0a20ee
SHA1

c7095e4482bf5e6afc069611f4ca01d60ac304b7
SHA256

e5b9ace672dd8021ba842d3c3db19d08499730632902910c8f74fc884513e51b
SHA512

48f51f3541e4d514694c36ffb209328dc35fa4a460fae76b3353e8758267eb41cd313913c1509b5edd57eb00619ebd3fdf34d0ee39dc2c39d93761c480d37dda
SSDEEP

24576:f4CSrOYnYWb9G3DlxmugDzsL9fq2fAU0++9OGD5cLGZqzMQ6K59E:o6qb9gDlcug3M9tB0Ow5cLG/n4

Score

10^/10

danabot banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

a492ac51eb8bb67946e1f1bc6b0a20ee.exe

Resource

win7-20220901-en

danabot banker trojan

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

a492ac51eb8bb67946e1f1bc6b0a20ee.exe

Resource

win10v2004-20220812-en

danabot banker trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Targets

- Target
  
  a492ac51eb8bb67946e1f1bc6b0a20ee.exe
- Size
  
  1.3MB
- MD5
  
  a492ac51eb8bb67946e1f1bc6b0a20ee
- SHA1
  
  c7095e4482bf5e6afc069611f4ca01d60ac304b7
- SHA256
  
  e5b9ace672dd8021ba842d3c3db19d08499730632902910c8f74fc884513e51b
- SHA512
  
  48f51f3541e4d514694c36ffb209328dc35fa4a460fae76b3353e8758267eb41cd313913c1509b5edd57eb00619ebd3fdf34d0ee39dc2c39d93761c480d37dda
- SSDEEP
  
  24576:f4CSrOYnYWb9G3DlxmugDzsL9fq2fAU0++9OGD5cLGZqzMQ6K59E:o6qb9gDlcug3M9tB0Ow5cLG/n4
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan

© 2018-2024

Terms | Privacy