danabot | 63a1f40c0b381d1b483445822dc2f6a6413a17d58a84f185621b50b54ee8732a | Triage

Sharing

General

Target

63a1f40c0b381d1b483445822dc2f6a6413a17d58a84f185621b50b54ee8732a
Size

1.3MB
Sample

221011-ra4bssggg7
MD5

66eea88b2c9e24cd13f4c86e41b3e6a0
SHA1

b2380bb40efcb87076b5ddbad91ff5c695a1806e
SHA256

63a1f40c0b381d1b483445822dc2f6a6413a17d58a84f185621b50b54ee8732a
SHA512

0945760ccf58ba23db5d0b34c903ccf7dac2f14dc56e0fff993035a6d3c8f2a21f8a3c555a3ed1cfd6730f0c366696d0fc18923af47d5b3f57e0c48e49247029
SSDEEP

24576:LcxerY1UZBGvD/oDIU4Bu70CMP9ie7HxIGwZxCOiOaUIdCZ9lthKR/S:LccmvDNUIurMEe7H6GwWyIoeR/S

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Targets

- Target
  
  63a1f40c0b381d1b483445822dc2f6a6413a17d58a84f185621b50b54ee8732a
- Size
  
  1.3MB
- MD5
  
  66eea88b2c9e24cd13f4c86e41b3e6a0
- SHA1
  
  b2380bb40efcb87076b5ddbad91ff5c695a1806e
- SHA256
  
  63a1f40c0b381d1b483445822dc2f6a6413a17d58a84f185621b50b54ee8732a
- SHA512
  
  0945760ccf58ba23db5d0b34c903ccf7dac2f14dc56e0fff993035a6d3c8f2a21f8a3c555a3ed1cfd6730f0c366696d0fc18923af47d5b3f57e0c48e49247029
- SSDEEP
  
  24576:LcxerY1UZBGvD/oDIU4Bu70CMP9ie7HxIGwZxCOiOaUIdCZ9lthKR/S:LccmvDNUIurMEe7H6GwWyIoeR/S
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan