danabot | fdc1bc47aa1e043fc8869fa96aa7971ecf9d883260079b761ed523ca57f279f3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fdc1bc47aa1e043fc8869fa96aa7971ecf9d883260079b761ed523ca57f279f3
Size

228KB
Sample

221019-wb11aaaegk
MD5

7f5ac43f4bbe820db32d42b475d0ae2c
SHA1

8a39a7175606b0b13ee5198d8aeb93b964a5d9d3
SHA256

fdc1bc47aa1e043fc8869fa96aa7971ecf9d883260079b761ed523ca57f279f3
SHA512

653b2457b90422bbea0660e5f39698d0ed260ff55400ae058956b2b8ae30ad784244ee9a1d2c91bb61bd73d2d608a250614eecd15115cfa81133242feb922655
SSDEEP

3072:k+GH4wyAQoFrWRl0Fn9LusbwWSrbG6FvyklJfF9/3UlE9vZabZQ57:k+xLoQeF9Lbbw/rv/9l3UqZOE

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Targets

- Target
  
  fdc1bc47aa1e043fc8869fa96aa7971ecf9d883260079b761ed523ca57f279f3
- Size
  
  228KB
- MD5
  
  7f5ac43f4bbe820db32d42b475d0ae2c
- SHA1
  
  8a39a7175606b0b13ee5198d8aeb93b964a5d9d3
- SHA256
  
  fdc1bc47aa1e043fc8869fa96aa7971ecf9d883260079b761ed523ca57f279f3
- SHA512
  
  653b2457b90422bbea0660e5f39698d0ed260ff55400ae058956b2b8ae30ad784244ee9a1d2c91bb61bd73d2d608a250614eecd15115cfa81133242feb922655
- SSDEEP
  
  3072:k+GH4wyAQoFrWRl0Fn9LusbwWSrbG6FvyklJfF9/3UlE9vZabZQ57:k+xLoQeF9Lbbw/rv/9l3UqZOE
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan