danabot | 0bc25795cfc0ef1971a91f41c6009eccc1e77cb4c823af3e2c79c5cc2d17d860 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0bc25795cfc0ef1971a91f41c6009eccc1e77cb4c823af3e2c79c5cc2d17d860
Size

214KB
Sample

221016-tgb71ahgb3
MD5

56419e914a1f08d5b046ced4ea9f838c
SHA1

90cfedcd250b2f2a348a34092e2b66165e2ba9f9
SHA256

0bc25795cfc0ef1971a91f41c6009eccc1e77cb4c823af3e2c79c5cc2d17d860
SHA512

0bbad200c1fbf836056e8ab8d543c44485f29aff617f98caa519d87213da342a18e4b5de60d90c2ff1fb742421c274bce2e42cdbea72cba8ee1d929a7b62a16d
SSDEEP

3072:eXpQ6H/CLaL3AFbmv5SyqeryKJMJIMhFqE4Vqi6gereSMFBKM80KUOn/:mLH/CLacmvLt+Jdh8pVzQeCM80m/

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Targets

- Target
  
  0bc25795cfc0ef1971a91f41c6009eccc1e77cb4c823af3e2c79c5cc2d17d860
- Size
  
  214KB
- MD5
  
  56419e914a1f08d5b046ced4ea9f838c
- SHA1
  
  90cfedcd250b2f2a348a34092e2b66165e2ba9f9
- SHA256
  
  0bc25795cfc0ef1971a91f41c6009eccc1e77cb4c823af3e2c79c5cc2d17d860
- SHA512
  
  0bbad200c1fbf836056e8ab8d543c44485f29aff617f98caa519d87213da342a18e4b5de60d90c2ff1fb742421c274bce2e42cdbea72cba8ee1d929a7b62a16d
- SSDEEP
  
  3072:eXpQ6H/CLaL3AFbmv5SyqeryKJMJIMhFqE4Vqi6gereSMFBKM80KUOn/:mLH/CLacmvLt+Jdh8pVzQeCM80m/
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan