General

  • Target

    832e9dde2b45829a1cce479239ba7bb673ccfebddf428546d822f2f40e3064ec

  • Size

    2.0MB

  • Sample

    221004-gyy2wafbh6

  • MD5

    48455bc5f2988db58f6b8aa533e8b191

  • SHA1

    c87f3eb51c49de499e2d880091b680de0e3c8ed7

  • SHA256

    832e9dde2b45829a1cce479239ba7bb673ccfebddf428546d822f2f40e3064ec

  • SHA512

    6ac5fef904e79febfddd98ee73073adfea21c5705ab8f0ab404d26844011398f6accac99850124e4f7c8397351dcca8c2b29647ceb8823b324a30efda828f4f2

  • SSDEEP

    49152:jVPGQJXCrc/ZZthvWljbcDQEAWWg8rBYQfKTAEKvMxv:jVPGQJX6c/v+hYhwg8N/fKUG

Score
10/10

Malware Config

Extracted

Family

danabot

C2

23.254.226.20:443

198.15.112.179:443

66.85.147.23:443

Attributes
  • embedded_hash

    8AA34A6CD5B6C9D509DB2C72E1AE6D88

  • type

    loader

Targets

    • Target

      832e9dde2b45829a1cce479239ba7bb673ccfebddf428546d822f2f40e3064ec

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Loads dropped DLL
