danabot | db6cb279687271bd10869c3adc5c1a088e5646888eb40b99727ff50e520c4273 | Triage

Sharing

General

Target

malware_smoke_2637256550
Size

996KB
Sample

221004-qxagkabddj
MD5

787518326366c6a091ae2dcfa8366863
SHA1

44123f51e2c418873d3b044a844227b56d8752aa
SHA256

db6cb279687271bd10869c3adc5c1a088e5646888eb40b99727ff50e520c4273
SHA512

c8abe9ca1d7b33dda78b7b7794dec3a68621fd9a101ed3763c5265b75711dec12ae0e4d7016d476511de20b32e607bfec50349fe611a1dddbb6534cdc00238a6
SSDEEP

24576:c97OWzmUPHZOsjPKMLzrWAFICOxa2w9Np:azrPHvjPPLzrfp4

Score

10^/10

danabot 5 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

5

C2

192.236.160.244:443

23.254.129.180:443

23.254.133.7:443

213.227.155.102:443

Attributes

embedded_hash
CA3B5B378FAA92E7051F984E02120FDD
type
loader

Targets

- Target
  
  malware_smoke_2637256550
- Size
  
  996KB
- MD5
  
  787518326366c6a091ae2dcfa8366863
- SHA1
  
  44123f51e2c418873d3b044a844227b56d8752aa
- SHA256
  
  db6cb279687271bd10869c3adc5c1a088e5646888eb40b99727ff50e520c4273
- SHA512
  
  c8abe9ca1d7b33dda78b7b7794dec3a68621fd9a101ed3763c5265b75711dec12ae0e4d7016d476511de20b32e607bfec50349fe611a1dddbb6534cdc00238a6
- SSDEEP
  
  24576:c97OWzmUPHZOsjPKMLzrWAFICOxa2w9Np:azrPHvjPPLzrfp4
Score

10^/10

danabot 5 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot5bankertrojan

behavioral2

danabot5bankertrojan