danabot | 0d61854433bd9993177f977182bb1a3c29a339029e969515362910dc12d7c5ff | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

0d61854433bd9993177f977182bb1a3c29a339029e969515362910dc12d7c5ff
Size

1.4MB
Sample

220929-gw4jkshhg6
MD5

ad249734c9084190f4a7de38913a5d6a
SHA1

a949eb32b55a621adc6f1471d5de85d1e8450e87
SHA256

0d61854433bd9993177f977182bb1a3c29a339029e969515362910dc12d7c5ff
SHA512

e4d7473529b98ce1a8e239d781a27b769d5565681c5b8f68d73a0321636137bbd87d57351bf8b144449669c0c780255e6ef814df8a21870ea935981f47014fe0
SSDEEP

24576:QregzTQdvsek+yLJzKf3FF3Ys+w2hJ5P34cyjs9Q83z7v7SxEPHR:QqgzTOk+y1zyF3Ys/2Qjz83zb7EoH

Score

10^/10

danabot banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

0d61854433bd9993177f977182bb1a3c29a339029e969515362910dc12d7c5ff.exe

Resource

win10v2004-20220812-en

danabot banker trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

23.106.124.171:443

192.119.70.159:443

Attributes

embedded_hash
A813CAF845B5703DA814AF785BB60B21
type
loader

Targets

- Target
  
  0d61854433bd9993177f977182bb1a3c29a339029e969515362910dc12d7c5ff
- Size
  
  1.4MB
- MD5
  
  ad249734c9084190f4a7de38913a5d6a
- SHA1
  
  a949eb32b55a621adc6f1471d5de85d1e8450e87
- SHA256
  
  0d61854433bd9993177f977182bb1a3c29a339029e969515362910dc12d7c5ff
- SHA512
  
  e4d7473529b98ce1a8e239d781a27b769d5565681c5b8f68d73a0321636137bbd87d57351bf8b144449669c0c780255e6ef814df8a21870ea935981f47014fe0
- SSDEEP
  
  24576:QregzTQdvsek+yLJzKf3FF3Ys+w2hJ5P34cyjs9Q83z7v7SxEPHR:QqgzTOk+y1zyF3Ys/2Qjz83zb7EoH
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan

© 2018-2025

Terms | Privacy