danabot | 65249d284d592b846ec44f2cbfe23f79e44ad0d97895e25f3a5e37d977795568 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

65249d284d592b846ec44f2cbfe23f79e44ad0d97895e25f3a5e37d977795568
Size

1.2MB
Sample

221012-f6sdmacegj
MD5

7672966500d5e2d74eb33a9bc0a1cb98
SHA1

93303200864386a9c8fe951041cbfe7965b23642
SHA256

65249d284d592b846ec44f2cbfe23f79e44ad0d97895e25f3a5e37d977795568
SHA512

1b3155fe0ef769489b7694c0ea51b05bc22a326b8e780bd7c7556a6e2d00eb554e147d6596641a6f8b86fda0b757a297c5bb05fa5cdc69e754881b349bfb3ebf
SSDEEP

24576:1yl+Zcl/cqBFIPHvREEJJ2A33/nafl2WaVglnOvnLl4JMMAsl4dl+IEUMP7MO0F:1ylecOqAPPREZIvnjdqnml4JAsuWTY

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

149.3.170.160:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
B820721BF2F0118AA5F8723A0AD25E65
type
loader

Targets

- Target
  
  65249d284d592b846ec44f2cbfe23f79e44ad0d97895e25f3a5e37d977795568
- Size
  
  1.2MB
- MD5
  
  7672966500d5e2d74eb33a9bc0a1cb98
- SHA1
  
  93303200864386a9c8fe951041cbfe7965b23642
- SHA256
  
  65249d284d592b846ec44f2cbfe23f79e44ad0d97895e25f3a5e37d977795568
- SHA512
  
  1b3155fe0ef769489b7694c0ea51b05bc22a326b8e780bd7c7556a6e2d00eb554e147d6596641a6f8b86fda0b757a297c5bb05fa5cdc69e754881b349bfb3ebf
- SSDEEP
  
  24576:1yl+Zcl/cqBFIPHvREEJJ2A33/nafl2WaVglnOvnLl4JMMAsl4dl+IEUMP7MO0F:1ylecOqAPPREZIvnjdqnml4JAsuWTY
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan