danabot | ea3514cfe20008aff0108a175014f47e12be8bb739220ba139f62936aa10320a | Triage

Sharing

General

Target

ea3514cfe20008aff0108a175014f47e12be8bb739220ba139f62936aa10320a
Size

1.4MB
Sample

220928-rvc1cagbd8
MD5

f729ffe22a3a3be0937f6dbc7106ea22
SHA1

92d6928b2ecbe16a2b7bdd8bb2530043876ea793
SHA256

ea3514cfe20008aff0108a175014f47e12be8bb739220ba139f62936aa10320a
SHA512

76aa1ceb667e318b09cd5c3e8d6adf1c38254a8534f4d460bea16d76d1192f6debcd0567a812eb00113390fbe6dfc1ef24c335a01d4642e46483bb2ed5a8a883
SSDEEP

24576:jqofTGxLcWH1pVbwJkiUNxriZprmVtFi5j1XbxgSQsMwzy7R7X:j1CAi1pN8k1ruZprmit1XbxL6r7R

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Targets

- Target
  
  ea3514cfe20008aff0108a175014f47e12be8bb739220ba139f62936aa10320a
- Size
  
  1.4MB
- MD5
  
  f729ffe22a3a3be0937f6dbc7106ea22
- SHA1
  
  92d6928b2ecbe16a2b7bdd8bb2530043876ea793
- SHA256
  
  ea3514cfe20008aff0108a175014f47e12be8bb739220ba139f62936aa10320a
- SHA512
  
  76aa1ceb667e318b09cd5c3e8d6adf1c38254a8534f4d460bea16d76d1192f6debcd0567a812eb00113390fbe6dfc1ef24c335a01d4642e46483bb2ed5a8a883
- SSDEEP
  
  24576:jqofTGxLcWH1pVbwJkiUNxriZprmVtFi5j1XbxgSQsMwzy7R7X:j1CAi1pN8k1ruZprmit1XbxL6r7R
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan