danabot | eddbfd35789c68d35bbda008b6303d79f9c16e4233d16eab52021b205fd79aef | Triage

Sharing

General

Target

eddbfd35789c68d35bbda008b6303d79f9c16e4233d16eab52021b205fd79aef
Size

1.4MB
Sample

220929-az85xahdf9
MD5

ff644e7d273607ec5b9aae634fc5c072
SHA1

24e52996fad8754a925a2d42a704ce2fcdd53d19
SHA256

eddbfd35789c68d35bbda008b6303d79f9c16e4233d16eab52021b205fd79aef
SHA512

7573762ef2b8633dab30be79663af9880d222359484d69f98a27eebda61cb5c7a892c5208a5dce9267aa2513b067ff64e96631664e8143a57bb3ffa7bf44521b
SSDEEP

24576:7je9U31odZhWmPtLLFtvRIzmFv8qwq+PSl8yfIg4DKxy7Bvyc2Lh3/A0sTfFRnFL:7SW1KHdtvRhHwR6Fc76FvCf/dI/iD3

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Targets

- Target
  
  eddbfd35789c68d35bbda008b6303d79f9c16e4233d16eab52021b205fd79aef
- Size
  
  1.4MB
- MD5
  
  ff644e7d273607ec5b9aae634fc5c072
- SHA1
  
  24e52996fad8754a925a2d42a704ce2fcdd53d19
- SHA256
  
  eddbfd35789c68d35bbda008b6303d79f9c16e4233d16eab52021b205fd79aef
- SHA512
  
  7573762ef2b8633dab30be79663af9880d222359484d69f98a27eebda61cb5c7a892c5208a5dce9267aa2513b067ff64e96631664e8143a57bb3ffa7bf44521b
- SSDEEP
  
  24576:7je9U31odZhWmPtLLFtvRIzmFv8qwq+PSl8yfIg4DKxy7Bvyc2Lh3/A0sTfFRnFL:7SW1KHdtvRhHwR6Fc76FvCf/dI/iD3
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan