danabot | 6793231e3bf74a5085010700b355509e0a4f5930b94c1d76f752147d9c646251 | Triage

Sharing

General

Target

6793231e3bf74a5085010700b355509e0a4f5930b94c1d76f752147d9c646251
Size

1.2MB
Sample

220926-rbyspsbac4
MD5

bae63ff394eae26e516503377ae6db41
SHA1

bbed47e63c8154acb9a89054a2d3271325e28f98
SHA256

6793231e3bf74a5085010700b355509e0a4f5930b94c1d76f752147d9c646251
SHA512

1c95bfc372126d5b2963cf1d208a89543f81692219b8746f968cbd0e06c63b005396a5d645ab94ef8286299f908e98e3280359ae85f697c9fba3ee0b49b57dfd
SSDEEP

24576:rvDf8i+y5Y/gqpwZcCGw/Ofy0Ftxtzcq+qMtkfg7GLGT2nWozg:nSIIwZcCz/Ofy8rlyQQdT7ozg

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Targets

- Target
  
  6793231e3bf74a5085010700b355509e0a4f5930b94c1d76f752147d9c646251
- Size
  
  1.2MB
- MD5
  
  bae63ff394eae26e516503377ae6db41
- SHA1
  
  bbed47e63c8154acb9a89054a2d3271325e28f98
- SHA256
  
  6793231e3bf74a5085010700b355509e0a4f5930b94c1d76f752147d9c646251
- SHA512
  
  1c95bfc372126d5b2963cf1d208a89543f81692219b8746f968cbd0e06c63b005396a5d645ab94ef8286299f908e98e3280359ae85f697c9fba3ee0b49b57dfd
- SSDEEP
  
  24576:rvDf8i+y5Y/gqpwZcCGw/Ofy0Ftxtzcq+qMtkfg7GLGT2nWozg:nSIIwZcCz/Ofy8rlyQQdT7ozg
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan