danabot | 7dc325ecfb31c0469a00ae128ebb48a07bedb8450129992ad1ebc03a203e201c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

7dc325ecfb31c0469a00ae128ebb48a07bedb8450129992ad1ebc03a203e201c
Size

217KB
Sample

221017-fb1fraaggq
MD5

4b7ce2566ff073042f8977b6d61d057e
SHA1

83b8b13b1e62b139c7b9cbcb1fc91dd5223035a0
SHA256

7dc325ecfb31c0469a00ae128ebb48a07bedb8450129992ad1ebc03a203e201c
SHA512

2646c8690aa1db5131b882a6c7e55a750048a5f51c90d6bd93ab83b523bfc81da6776f2c65ea804227eb9c5637de554afb8b13d7c7afdd7fb47af3dbcb7854db
SSDEEP

3072:PSWvCXSDNk5S0FEK0zLfItdafqZ5nSnD6n6/eLBvqIHe9pSaxap:PXCSkg0FEJLfydaASen6/CPe9pSa

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Targets

- Target
  
  7dc325ecfb31c0469a00ae128ebb48a07bedb8450129992ad1ebc03a203e201c
- Size
  
  217KB
- MD5
  
  4b7ce2566ff073042f8977b6d61d057e
- SHA1
  
  83b8b13b1e62b139c7b9cbcb1fc91dd5223035a0
- SHA256
  
  7dc325ecfb31c0469a00ae128ebb48a07bedb8450129992ad1ebc03a203e201c
- SHA512
  
  2646c8690aa1db5131b882a6c7e55a750048a5f51c90d6bd93ab83b523bfc81da6776f2c65ea804227eb9c5637de554afb8b13d7c7afdd7fb47af3dbcb7854db
- SSDEEP
  
  3072:PSWvCXSDNk5S0FEK0zLfItdafqZ5nSnD6n6/eLBvqIHe9pSaxap:PXCSkg0FEJLfydaASen6/CPe9pSa
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan