danabot | 56a1dbae145f06c55ee7d64ff990762bd65a6d51330caf0049334175cf7404ab | Triage

Sharing

Copy URL Twitter E-mail

General

Target

56a1dbae145f06c55ee7d64ff990762bd65a6d51330caf0049334175cf7404ab
Size

1.4MB
Sample

220929-ex6n8ahgc9
MD5

5c02b9b8a30519bc311a2ae7e342b0db
SHA1

f498ff48a57b5e6370ed49cbf05de6da083219bd
SHA256

56a1dbae145f06c55ee7d64ff990762bd65a6d51330caf0049334175cf7404ab
SHA512

972c2a1d66bcf6741363c6c8c95adb8e7623f9412a9cea3efc07f4ac24d8c8e081ff3f234ec8601ba0d636a56e0360f5836c201751c4a82308003444f6e68107
SSDEEP

24576:+T74/ohhq+k06SEzeOOkxK+VYNa+JEDlFIn1XEHZfmbIDN/n6bqQ+400Lceuhupn:+P4AhhqI6SEzeOOkxK+L+JoICoYZQC0b

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Targets

- Target
  
  56a1dbae145f06c55ee7d64ff990762bd65a6d51330caf0049334175cf7404ab
- Size
  
  1.4MB
- MD5
  
  5c02b9b8a30519bc311a2ae7e342b0db
- SHA1
  
  f498ff48a57b5e6370ed49cbf05de6da083219bd
- SHA256
  
  56a1dbae145f06c55ee7d64ff990762bd65a6d51330caf0049334175cf7404ab
- SHA512
  
  972c2a1d66bcf6741363c6c8c95adb8e7623f9412a9cea3efc07f4ac24d8c8e081ff3f234ec8601ba0d636a56e0360f5836c201751c4a82308003444f6e68107
- SSDEEP
  
  24576:+T74/ohhq+k06SEzeOOkxK+VYNa+JEDlFIn1XEHZfmbIDN/n6bqQ+400Lceuhupn:+P4AhhqI6SEzeOOkxK+L+JoICoYZQC0b
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan