danabot | 9adae542cda4ae5595b029a59dfce9e608a6d9cb0230954090e99e5686015232 | Triage

Sharing

General

Target

malware_smoke_2586265091
Size

990KB
Sample

221004-q37n9abdfn
MD5

c6590daf3562c911d8280aed67c81a1a
SHA1

740aa1f7657b2495115eae344f497d34e3b0fcdd
SHA256

9adae542cda4ae5595b029a59dfce9e608a6d9cb0230954090e99e5686015232
SHA512

a3a22776596ea2f992e47acd756b1533382d474b16c307732d5d282ba6b89a96512dd7c142acf46ea22c966cefe01ba0a1f315dbe84f8779216789bd761947bc
SSDEEP

24576:CNS/TRewd2e3s4on/1ooxAAHsP9PtL/Ol94cOMDARwTW:xbd2Yo/RAA+Or4uDPW

Score

10^/10

danabot 5 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

5

C2

104.168.167.51:443

23.254.129.180:443

23.254.133.7:443

213.227.155.102:443

Attributes

embedded_hash
38025B93DA95E52B49DBD6CF4413C95E
type
loader

Targets

- Target
  
  malware_smoke_2586265091
- Size
  
  990KB
- MD5
  
  c6590daf3562c911d8280aed67c81a1a
- SHA1
  
  740aa1f7657b2495115eae344f497d34e3b0fcdd
- SHA256
  
  9adae542cda4ae5595b029a59dfce9e608a6d9cb0230954090e99e5686015232
- SHA512
  
  a3a22776596ea2f992e47acd756b1533382d474b16c307732d5d282ba6b89a96512dd7c142acf46ea22c966cefe01ba0a1f315dbe84f8779216789bd761947bc
- SSDEEP
  
  24576:CNS/TRewd2e3s4on/1ooxAAHsP9PtL/Ol94cOMDARwTW:xbd2Yo/RAA+Or4uDPW
Score

10^/10

danabot 5 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot5bankertrojan

behavioral2

danabot5bankertrojan