General

  • Target

    HEUR-Trojan-Banker.Win32.Danabot.gen-5e04a3d0.dll

  • Size

    1.2MB

  • Sample

    221112-mkdfxaeh37

  • MD5

    09e361c84a62b723ff0ba6b7c6ceb708

  • SHA1

    4929bb7ca9315d388173c73cef25dfb3ea74f8d6

  • SHA256

    5e04a3d0062093c8e795733a990e668705728c242b4c47c63cf54b35b14ba99d

  • SHA512

    caf259991d6db9d37c0d8df3a9fd54cfa1e38ab82ea44608dbd1bc99e1f332da63fd1224be5688206f578d6c8742bdcb5c0c861384950000a6586470e72e2573

  • SSDEEP

    24576:8b1nfBwzVWsEqGhfgl01nezvEcm86CMvihkH5eM1T/vyG:4uEZOI2842zYWT/v

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

11

C2

54.250.13.251:443

134.122.53.241:443

13.53.234.226:443

35.182.95.170:443

Attributes
  • embedded_hash

    E9487618F966D7A08194A9E220290BD9

  • type

    loader

Targets

    • Target

      HEUR-Trojan-Banker.Win32.Danabot.gen-5e04a3d0.dll

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request
