danabot | 42156a7626a184e4edb12b9fffe5a31bcae103a8d210138175272077b93dfab8 | Triage

Sharing

General

Target

HEUR-Trojan-Banker.Win32.Danabot.gen-42156a76.dll
Size

1.2MB
Sample

221112-lpwydaef96
MD5

1465a7ff75a2e8636db1be0fac7d7e12
SHA1

58fb4a6f02e5639a266ccc39fb71c1d6a687305b
SHA256

42156a7626a184e4edb12b9fffe5a31bcae103a8d210138175272077b93dfab8
SHA512

e48f87098dfbf24c166fb9a09302a659de91cdd4294c7e7507c51707f0bd69e982ec079f6ddd0b56336a71d6a9696d2cfe0aeeae50d76a45a4dcd9f1157ba839
SSDEEP

24576:8b1nfBwzVWsEqGhfgl01nezvEcm86CMvihkH5eMOT/vyG:4uEZOI2842zYpT/v

Score

10^/10

danabot 11 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

11

C2

54.250.13.251:443

134.122.53.241:443

13.53.234.226:443

35.182.95.170:443

Attributes

embedded_hash
E9487618F966D7A08194A9E220290BD9
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  HEUR-Trojan-Banker.Win32.Danabot.gen-42156a76.dll
- Size
  
  1.2MB
- MD5
  
  1465a7ff75a2e8636db1be0fac7d7e12
- SHA1
  
  58fb4a6f02e5639a266ccc39fb71c1d6a687305b
- SHA256
  
  42156a7626a184e4edb12b9fffe5a31bcae103a8d210138175272077b93dfab8
- SHA512
  
  e48f87098dfbf24c166fb9a09302a659de91cdd4294c7e7507c51707f0bd69e982ec079f6ddd0b56336a71d6a9696d2cfe0aeeae50d76a45a4dcd9f1157ba839
- SSDEEP
  
  24576:8b1nfBwzVWsEqGhfgl01nezvEcm86CMvihkH5eMOT/vyG:4uEZOI2842zYpT/v
Score

10^/10

danabot 11 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot11bankertrojan

behavioral2