danabot | b99f047806d2b4a3c4da0e87d7c8aa1d1a3c17dae0dde089d896328600fc211b | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

b99f047806d2b4a3c4da0e87d7c8aa1d1a3c17dae0dde089d896328600fc211b
Size

221KB
Sample

221024-28j1xsahg9
MD5

f696547b87fb1d7c5dd4197979490e20
SHA1

7daa7b49d3b596313fd795e557ff2ca2f0fddf12
SHA256

b99f047806d2b4a3c4da0e87d7c8aa1d1a3c17dae0dde089d896328600fc211b
SHA512

3c81bc47d411087b627df4b4ab2ac3a6e9a43969f7ccbdc9c84a65b5e4c35be3797b723a6a1f2daacaac6327e7b4543399fb186d372135ca3d768c29eb8985b0
SSDEEP

3072:TUnW5dHsT6g7dLnL4WhhwY6F5AgI/kme4rF4D3je6Osh:TUWzKL4WgYrgme4k3

Score

10^/10

danabot vidar 937 banker discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

b99f047806d2b4a3c4da0e87d7c8aa1d1a3c17dae0dde089d896328600fc211b.exe

Resource

win10-20220812-en

danabot vidar 937 banker discovery spyware stealer trojan

windows10-1703-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
569235DCA8F16ED8310BBACCB674F896
type
loader

Extracted

Family

vidar

Version

55.2

Botnet

937

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
937

Targets

- Target
  
  b99f047806d2b4a3c4da0e87d7c8aa1d1a3c17dae0dde089d896328600fc211b
- Size
  
  221KB
- MD5
  
  f696547b87fb1d7c5dd4197979490e20
- SHA1
  
  7daa7b49d3b596313fd795e557ff2ca2f0fddf12
- SHA256
  
  b99f047806d2b4a3c4da0e87d7c8aa1d1a3c17dae0dde089d896328600fc211b
- SHA512
  
  3c81bc47d411087b627df4b4ab2ac3a6e9a43969f7ccbdc9c84a65b5e4c35be3797b723a6a1f2daacaac6327e7b4543399fb186d372135ca3d768c29eb8985b0
- SSDEEP
  
  3072:TUnW5dHsT6g7dLnL4WhhwY6F5AgI/kme4rF4D3je6Osh:TUWzKL4WgYrgme4k3
Score

10^/10

danabot vidar 937 banker discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotvidar937bankerdiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy