danabot | 7bbc463b00facb19a43a086b8d34c24ca8631638a46ec907fbde08a12dcce305 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7bbc463b00facb19a43a086b8d34c24ca8631638a46ec907fbde08a12dcce305
Size

1.2MB
Sample

221012-f74haacehn
MD5

1b01eb3b7c1a5c07ac2dee1bd79706ed
SHA1

5e1cd25ad7d92cc7c5d826635688f68d6b3e0dad
SHA256

7bbc463b00facb19a43a086b8d34c24ca8631638a46ec907fbde08a12dcce305
SHA512

cc2a9d40484ee66414676efe1b87f22d966e6ed10fb18606ed93b840c855d025a0233ead4cb5b0275dbb2e120fb79993a35e4a51476a6dbfd8fc82d5c901d140
SSDEEP

24576:AsARB43j5WAXab4OVG1msGcQJwK8/AjCnKMmPzWaBzqAbQX:j243j5Wq3csGcbKmAOnKF5zqAsX

Score

10^/10

danabot banker spyware stealer trojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

23.106.124.171:443

192.119.70.159:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
A813CAF845B5703DA814AF785BB60B21
type
loader

Targets

- Target
  
  7bbc463b00facb19a43a086b8d34c24ca8631638a46ec907fbde08a12dcce305
- Size
  
  1.2MB
- MD5
  
  1b01eb3b7c1a5c07ac2dee1bd79706ed
- SHA1
  
  5e1cd25ad7d92cc7c5d826635688f68d6b3e0dad
- SHA256
  
  7bbc463b00facb19a43a086b8d34c24ca8631638a46ec907fbde08a12dcce305
- SHA512
  
  cc2a9d40484ee66414676efe1b87f22d966e6ed10fb18606ed93b840c855d025a0233ead4cb5b0275dbb2e120fb79993a35e4a51476a6dbfd8fc82d5c901d140
- SSDEEP
  
  24576:AsARB43j5WAXab4OVG1msGcQJwK8/AjCnKMmPzWaBzqAbQX:j243j5Wq3csGcbKmAOnKF5zqAsX
Score

10^/10

danabot banker trojan spyware stealer
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankerspywarestealertrojan