danabot | 39c23140c9f9b1714fc31daed4e8c3606a891c11e760814a98492c0892e2c2f3 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

39c23140c9f9b1714fc31daed4e8c3606a891c11e760814a98492c0892e2c2f3
Size

239KB
Sample

221212-stkt8sed7v
MD5

37dcac9bbe3a4d63bc1c0e287947d235
SHA1

233e6913eee05ba117e25d1492c13b11248294fa
SHA256

39c23140c9f9b1714fc31daed4e8c3606a891c11e760814a98492c0892e2c2f3
SHA512

6a1d8363fff6901b1ffea805ae61afc869c02734318df0dc8455bb686b5d94d4de16750eeea00dbd16975e9bc35c8579e9ae96320e39185df1b470e3f6c5062d
SSDEEP

3072:6tY6+LaFYr5S3mAr5/u2dSj8vXFonGhOmohdBcf0EkfeRbR8pgX:FLd5S3mou2dKA9boyftkfecpgX

Score

10^/10

danabot systembc banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

39c23140c9f9b1714fc31daed4e8c3606a891c11e760814a98492c0892e2c2f3.exe

Resource

win10-20220812-en

danabot systembc banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

- Target
  
  39c23140c9f9b1714fc31daed4e8c3606a891c11e760814a98492c0892e2c2f3
- Size
  
  239KB
- MD5
  
  37dcac9bbe3a4d63bc1c0e287947d235
- SHA1
  
  233e6913eee05ba117e25d1492c13b11248294fa
- SHA256
  
  39c23140c9f9b1714fc31daed4e8c3606a891c11e760814a98492c0892e2c2f3
- SHA512
  
  6a1d8363fff6901b1ffea805ae61afc869c02734318df0dc8455bb686b5d94d4de16750eeea00dbd16975e9bc35c8579e9ae96320e39185df1b470e3f6c5062d
- SSDEEP
  
  3072:6tY6+LaFYr5S3mAr5/u2dSj8vXFonGhOmohdBcf0EkfeRbR8pgX:FLd5S3mou2dKA9boyftkfecpgX
Score

10^/10

danabot systembc banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsystembcbankertrojan

© 2018-2024

Terms | Privacy