General

  • Target

    19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37

  • Size

    2.0MB

  • Sample

    221004-gxwkcsfbd5

  • MD5

    5f69e3a8fe967d526555ad9be8945709

  • SHA1

    2e72f271e87d057bf5abc1b1f3101aa93b5b41b4

  • SHA256

    19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37

  • SHA512

    215fbb0baff3351bdc6f25c8b8cbf1d3693f7bc63636aee9e0fe53e0f917da8f1cb47ed961d974bc01b655f71e233ad93c0aec2b4c176f47bf1cc90ffc8fd05d

  • SSDEEP

    49152:pcgpXKjjTBmqr6zZrVaCxW5DkQ9OP0/TiIxLuOHVHM:pc4CjTBmquZo9S0/TvxHRM

Score
10/10

Malware Config

Extracted

Family

danabot

C2

23.254.226.20:443

198.15.112.179:443

66.85.147.23:443

Attributes
  • embedded_hash

    8AA34A6CD5B6C9D509DB2C72E1AE6D88

  • type

    loader

Targets

    • Target

      19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Loads dropped DLL
