danabot | c619ed514e2ce8d5b06b7a491992f6c855f7612a51d16205d775271d4a955284 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

c619ed514e2ce8d5b06b7a491992f6c855f7612a51d16205d775271d4a955284
Size

255KB
Sample

221025-xr7y7sdec4
MD5

a5d3a700096282227570e9c794fdb3f3
SHA1

a4d6970ce0515546e9d58b5df2b66734c92c882f
SHA256

c619ed514e2ce8d5b06b7a491992f6c855f7612a51d16205d775271d4a955284
SHA512

91498b7455a547edff16a74bcd6155ce6ce33e3a66dd980f011187824a537e94835ca9b4431d631227f8c17b233c687251212066f4280da613181f57fc3a9eca
SSDEEP

3072:GXVVinpHFLYS7GtqUM8ry8MRWnLtTyp3nclc1LWZ3hiK5ym+oBTHGZDKRn:urwlLToqUM8ry8TnLsWjX5ym+8TmYd

Score

10^/10

danabot vidar 937 banker discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

c619ed514e2ce8d5b06b7a491992f6c855f7612a51d16205d775271d4a955284.exe

Resource

win10-20220812-en

danabot vidar 937 banker discovery spyware stealer trojan

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

172.86.120.215:443

213.227.155.103:443

103.187.26.147:443

172.86.120.138:443

Attributes

embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
type
loader

Extracted

Family

vidar

Version

55.2

Botnet

937

C2

https://t.me/slivetalks

https://c.im/@xinibin420

Attributes

profile_id
937

Targets

- Target
  
  c619ed514e2ce8d5b06b7a491992f6c855f7612a51d16205d775271d4a955284
- Size
  
  255KB
- MD5
  
  a5d3a700096282227570e9c794fdb3f3
- SHA1
  
  a4d6970ce0515546e9d58b5df2b66734c92c882f
- SHA256
  
  c619ed514e2ce8d5b06b7a491992f6c855f7612a51d16205d775271d4a955284
- SHA512
  
  91498b7455a547edff16a74bcd6155ce6ce33e3a66dd980f011187824a537e94835ca9b4431d631227f8c17b233c687251212066f4280da613181f57fc3a9eca
- SSDEEP
  
  3072:GXVVinpHFLYS7GtqUM8ry8MRWnLtTyp3nclc1LWZ3hiK5ym+oBTHGZDKRn:urwlLToqUM8ry8TnLsWjX5ym+8TmYd
Score

10^/10

danabot vidar 937 banker discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotvidar937bankerdiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy