danabot | 3a2343fb84d6461c4c86bf4d66e6dce0eb4406e3bfbcb933d8387316b3bcc87b | Triage

Sharing

General

Target

3a2343fb84d6461c4c86bf4d66e6dce0eb4406e3bfbcb933d8387316b3bcc87b
Size

268KB
Sample

221007-xtwzqadca3
MD5

1cc90586176dc7cdc6aabf82a8220312
SHA1

644e661ec63925b14c900e45a7e14809e73e0f0a
SHA256

3a2343fb84d6461c4c86bf4d66e6dce0eb4406e3bfbcb933d8387316b3bcc87b
SHA512

f8ef1ec287bb80d18d3aeceb3c90d00ea6c7e6b77caf2d2382fe437a449db01123a3155312011d109d67712e612d6ff18a1e9ba6bd0bbcc85343a26e05ad9d6b
SSDEEP

3072:NXNofhihbLE+NyNphMm5B6Ep+JNWYDEXAPvrJESOIB6p8Dm75/k66MzGVggjcGky:JuZkyT1Z83wQbJE2K8D28CO7ITsqe4

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Targets

- Target
  
  3a2343fb84d6461c4c86bf4d66e6dce0eb4406e3bfbcb933d8387316b3bcc87b
- Size
  
  268KB
- MD5
  
  1cc90586176dc7cdc6aabf82a8220312
- SHA1
  
  644e661ec63925b14c900e45a7e14809e73e0f0a
- SHA256
  
  3a2343fb84d6461c4c86bf4d66e6dce0eb4406e3bfbcb933d8387316b3bcc87b
- SHA512
  
  f8ef1ec287bb80d18d3aeceb3c90d00ea6c7e6b77caf2d2382fe437a449db01123a3155312011d109d67712e612d6ff18a1e9ba6bd0bbcc85343a26e05ad9d6b
- SSDEEP
  
  3072:NXNofhihbLE+NyNphMm5B6Ep+JNWYDEXAPvrJESOIB6p8Dm75/k66MzGVggjcGky:JuZkyT1Z83wQbJE2K8D28CO7ITsqe4
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan