danabot | 0c8de1818728edeacf0b8d0811f057062891f082f4d51925fbb830ab0f273b7d | Triage

Sharing

General

Target

0c8de1818728edeacf0b8d0811f057062891f082f4d51925fbb830ab0f273b7d
Size

1.2MB
Sample

220926-pm3vpaagd5
MD5

2270f6728deeb813eaca3b813b5e14d6
SHA1

017eaf60bf265b3647f7a862ff8f9f2e54b4a18b
SHA256

0c8de1818728edeacf0b8d0811f057062891f082f4d51925fbb830ab0f273b7d
SHA512

05b1fb8cac8b35f1d08b8be8cdac573c3c4fbf7e06255a1201e63f8c384ceb3287996a2c5490b448efa5c8fd5f6cd5797c85a3b4c4d13a8d76ec39b8550d92d3
SSDEEP

24576:im0cvVLTxHolsRWIJPJpg5Os73P04/9+RGH3xfe3h8Jt2B3tkj+saiC:v0cvFTxCLINJpg5Ok1uGH3x2mIkde

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Targets

- Target
  
  0c8de1818728edeacf0b8d0811f057062891f082f4d51925fbb830ab0f273b7d
- Size
  
  1.2MB
- MD5
  
  2270f6728deeb813eaca3b813b5e14d6
- SHA1
  
  017eaf60bf265b3647f7a862ff8f9f2e54b4a18b
- SHA256
  
  0c8de1818728edeacf0b8d0811f057062891f082f4d51925fbb830ab0f273b7d
- SHA512
  
  05b1fb8cac8b35f1d08b8be8cdac573c3c4fbf7e06255a1201e63f8c384ceb3287996a2c5490b448efa5c8fd5f6cd5797c85a3b4c4d13a8d76ec39b8550d92d3
- SSDEEP
  
  24576:im0cvVLTxHolsRWIJPJpg5Os73P04/9+RGH3xfe3h8Jt2B3tkj+saiC:v0cvFTxCLINJpg5Ok1uGH3x2mIkde
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan