danabot | a6df99ac6606ecd14147cac00eaa3db20fc8144177e7248d1dc5dca3829b0971 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

a6df99ac6606ecd14147cac00eaa3db20fc8144177e7248d1dc5dca3829b0971
Size

230KB
Sample

221025-j6rnwacabq
MD5

9ff70e4d90f5e4b42a6e3b06bdeb5c3c
SHA1

4c2037f0d16854c95400b7378bf5c9da15278fe7
SHA256

a6df99ac6606ecd14147cac00eaa3db20fc8144177e7248d1dc5dca3829b0971
SHA512

68b7b1977e514b7b32cbd17d557842caef77f1ac55cfeaa939c4e162e069001cbb774835d4c79dd8d30ba33adbf77231ef3e08ce20b90e9f8165e4161f8b6371
SSDEEP

3072:oXr5dLhUWm8Y5trxfjdy1UQyqe+39KXJx4NgbYO7MB6TaUpRRMl:8FdLvm8crxfsUQVo8yYp0Ta22l

Score

10^/10

danabot vidar 937 banker discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

a6df99ac6606ecd14147cac00eaa3db20fc8144177e7248d1dc5dca3829b0971.exe

Resource

win10-20220812-en

danabot vidar 937 banker discovery spyware stealer trojan

windows10-1703-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
569235DCA8F16ED8310BBACCB674F896
type
loader

Extracted

Family

vidar

Version

55.2

Botnet

937

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
937

Targets

- Target
  
  a6df99ac6606ecd14147cac00eaa3db20fc8144177e7248d1dc5dca3829b0971
- Size
  
  230KB
- MD5
  
  9ff70e4d90f5e4b42a6e3b06bdeb5c3c
- SHA1
  
  4c2037f0d16854c95400b7378bf5c9da15278fe7
- SHA256
  
  a6df99ac6606ecd14147cac00eaa3db20fc8144177e7248d1dc5dca3829b0971
- SHA512
  
  68b7b1977e514b7b32cbd17d557842caef77f1ac55cfeaa939c4e162e069001cbb774835d4c79dd8d30ba33adbf77231ef3e08ce20b90e9f8165e4161f8b6371
- SSDEEP
  
  3072:oXr5dLhUWm8Y5trxfjdy1UQyqe+39KXJx4NgbYO7MB6TaUpRRMl:8FdLvm8crxfsUQVo8yYp0Ta22l
Score

10^/10

danabot vidar 937 banker discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotvidar937bankerdiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy