danabot | 9ee17179fc36fbc73d255264aff87becb1b041e1debcd0a8ed584984642dbb67 | Triage

Sharing

General

Target

9ee17179fc36fbc73d255264aff87becb1b041e1debcd0a8ed584984642dbb67
Size

1.9MB
Sample

221004-gy8w3sfca4
MD5

43ea96e5e940e855f73c5c6b9ffabb2d
SHA1

677d621678417dcc4abf832686f0c8f1c5a00fc1
SHA256

9ee17179fc36fbc73d255264aff87becb1b041e1debcd0a8ed584984642dbb67
SHA512

cc7d3a1a1cd826e2f7459e24dd3bb25794c906527114118fba370a1243eb1527c5b163a04a80645d13844b42d19ffb9a364ffc6a5e8233a1b0efd4e82af79b75
SSDEEP

49152:Q5VJWv/QA9dvKpEQ2zJFu+Vp9LLvYcKzdtncU/FILb7:Q5XWvYAmIJFbdQlpu/

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

23.254.226.20:443

198.15.112.179:443

66.85.147.23:443

Attributes

embedded_hash
8AA34A6CD5B6C9D509DB2C72E1AE6D88
type
loader

Targets

- Target
  
  9ee17179fc36fbc73d255264aff87becb1b041e1debcd0a8ed584984642dbb67
- Size
  
  1.9MB
- MD5
  
  43ea96e5e940e855f73c5c6b9ffabb2d
- SHA1
  
  677d621678417dcc4abf832686f0c8f1c5a00fc1
- SHA256
  
  9ee17179fc36fbc73d255264aff87becb1b041e1debcd0a8ed584984642dbb67
- SHA512
  
  cc7d3a1a1cd826e2f7459e24dd3bb25794c906527114118fba370a1243eb1527c5b163a04a80645d13844b42d19ffb9a364ffc6a5e8233a1b0efd4e82af79b75
- SSDEEP
  
  49152:Q5VJWv/QA9dvKpEQ2zJFu+Vp9LLvYcKzdtncU/FILb7:Q5XWvYAmIJFbdQlpu/
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan