danabot | 2650817e2703b15c7e6fbf4d4caace2066f50db88fc96862190c4daf32d186e7 | Triage

Sharing

General

Target

malware_smoke_1190770884
Size

1.0MB
Sample

221004-q53hbabba9
MD5

5b64b4c975ff001a2d99bf9b65b4b8bb
SHA1

a234b171340ca47f2a2fba0705911c61416e8985
SHA256

2650817e2703b15c7e6fbf4d4caace2066f50db88fc96862190c4daf32d186e7
SHA512

7a923c06534c9d29d9911760ad3b3ebd685806ff2cb157a055616532cf7aeabe362005e6ab38d669087b076840d70f77bbd6f14500fc98b56c4f2cbe6856cd5d
SSDEEP

24576:vbahsA6iHbGRj+x7UkpFU/UzPkgSSML3xitJwDSmAESmB:OhsTibGRjM7UkpFRMxqwM

Score

10^/10

danabot 5 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

5

C2

23.254.129.180:443

23.254.133.7:443

213.227.155.102:443

Attributes

embedded_hash
5C4A9996E213E13DC6AC3BC28C895A29
type
loader

Targets

- Target
  
  malware_smoke_1190770884
- Size
  
  1.0MB
- MD5
  
  5b64b4c975ff001a2d99bf9b65b4b8bb
- SHA1
  
  a234b171340ca47f2a2fba0705911c61416e8985
- SHA256
  
  2650817e2703b15c7e6fbf4d4caace2066f50db88fc96862190c4daf32d186e7
- SHA512
  
  7a923c06534c9d29d9911760ad3b3ebd685806ff2cb157a055616532cf7aeabe362005e6ab38d669087b076840d70f77bbd6f14500fc98b56c4f2cbe6856cd5d
- SSDEEP
  
  24576:vbahsA6iHbGRj+x7UkpFU/UzPkgSSML3xitJwDSmAESmB:OhsTibGRjM7UkpFRMxqwM
Score

10^/10

danabot 5 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot5bankertrojan

behavioral2

danabot5bankertrojan