danabot | 35a94432b93bb87859ce8dec9a6f0725119f38d4bf0678bf645ba8b2605d9f92 | Triage

Sharing

General

Target

35a94432b93bb87859ce8dec9a6f0725119f38d4bf0678bf645ba8b2605d9f92
Size

1.2MB
Sample

221012-f4bcbsceej
MD5

6c22e9ff51c52ea93902af7b8c2283c3
SHA1

e4afe2353cafa647916cfca70e12443dea0a6387
SHA256

35a94432b93bb87859ce8dec9a6f0725119f38d4bf0678bf645ba8b2605d9f92
SHA512

49e1345148a74a1f0e743048fcd3918c5fc06b1d09308823b95368f8bd0b8a4fba80478768f27cb341faa014fa567f19a5cef0deca10bfdd9a13811377efa7ee
SSDEEP

24576:uXhnBIzrRKpZv3ilD09IiYanTw75Vx6fO9qUigRnhqOGVdvbnu6/SZv:EBIMvPilDunTw73wOEysdC6/SZv

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

23.106.124.171:443

192.119.70.159:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
A813CAF845B5703DA814AF785BB60B21
type
loader

Targets

- Target
  
  35a94432b93bb87859ce8dec9a6f0725119f38d4bf0678bf645ba8b2605d9f92
- Size
  
  1.2MB
- MD5
  
  6c22e9ff51c52ea93902af7b8c2283c3
- SHA1
  
  e4afe2353cafa647916cfca70e12443dea0a6387
- SHA256
  
  35a94432b93bb87859ce8dec9a6f0725119f38d4bf0678bf645ba8b2605d9f92
- SHA512
  
  49e1345148a74a1f0e743048fcd3918c5fc06b1d09308823b95368f8bd0b8a4fba80478768f27cb341faa014fa567f19a5cef0deca10bfdd9a13811377efa7ee
- SSDEEP
  
  24576:uXhnBIzrRKpZv3ilD09IiYanTw75Vx6fO9qUigRnhqOGVdvbnu6/SZv:EBIMvPilDunTw73wOEysdC6/SZv
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan