danabot | f6021e91b81a4c8b67b8de900402b20ad0fc306730f197fe2b09da36254702c7 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

f6021e91b81a4c8b67b8de900402b20ad0fc306730f197fe2b09da36254702c7
Size

2.5MB
Sample

221208-zf2ddsed4x
MD5

c4409a7d003bde5729eb9760b3834bcc
SHA1

3b0e8141574dddd97eb60815d44acf7eec39a54f
SHA256

f6021e91b81a4c8b67b8de900402b20ad0fc306730f197fe2b09da36254702c7
SHA512

8769beeb986059f6322d51d3cad81d2bec9451d0b6776377241b438ffc01b2a6113f9825b3f7cbdd586e4a3272ce33e532aaf6ca6c5cb7a6101a0df5f4c4e1dd
SSDEEP

49152:GyK0q+a0dRW0aOMrYnUjfxirkl6p7Ud7V0PHUKAlsNbHjWzM8dKsz6UpkMJ:LK0q+p60aRYnaZEkl6BU12PxAlKbiTK2

Score

10^/10

danabot banker collection discovery persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f6021e91b81a4c8b67b8de900402b20ad0fc306730f197fe2b09da36254702c7.exe

Resource

win10v2004-20220901-en

danabot banker collection discovery persistence spyware stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
341D2FD1638BB267A80C7445E1909B57
type
loader

Targets

- Target
  
  f6021e91b81a4c8b67b8de900402b20ad0fc306730f197fe2b09da36254702c7
- Size
  
  2.5MB
- MD5
  
  c4409a7d003bde5729eb9760b3834bcc
- SHA1
  
  3b0e8141574dddd97eb60815d44acf7eec39a54f
- SHA256
  
  f6021e91b81a4c8b67b8de900402b20ad0fc306730f197fe2b09da36254702c7
- SHA512
  
  8769beeb986059f6322d51d3cad81d2bec9451d0b6776377241b438ffc01b2a6113f9825b3f7cbdd586e4a3272ce33e532aaf6ca6c5cb7a6101a0df5f4c4e1dd
- SSDEEP
  
  49152:GyK0q+a0dRW0aOMrYnUjfxirkl6p7Ud7V0PHUKAlsNbHjWzM8dKsz6UpkMJ:LK0q+p60aRYnaZEkl6BU12PxAlKbiTK2
Score

10^/10

danabot banker collection discovery persistence spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankercollectiondiscoverypersistencespywarestealertrojan

© 2018-2024

Terms | Privacy