danabot | 2636d2eaa0e284a5e079b558af958ff94b5375893aa39ef55f4f55f7221e6d6e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

2636d2eaa0e284a5e079b558af958ff94b5375893aa39ef55f4f55f7221e6d6e
Size

327KB
Sample

221215-lx6gsacb29
MD5

8d73778b1e919c68f023e8995a8aaee0
SHA1

b6ba513b4bf1830451aed41121ddf8b5e32ee01f
SHA256

2636d2eaa0e284a5e079b558af958ff94b5375893aa39ef55f4f55f7221e6d6e
SHA512

55d1de360d01ed559e44542254bc454d8d22e7b63f167265fb40d68c82c11c37f43e43d221ae76c841eaf736432ac87b63066056db91871289afb49b2598d999
SSDEEP

6144:0YEcLdiKSYgGFVQ2S9d4eWtGncS3Sbjfxur/tb:BhiKA2S9d3WtGnZSbjJurR

Score

10^/10

danabot systembc banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

2636d2eaa0e284a5e079b558af958ff94b5375893aa39ef55f4f55f7221e6d6e.exe

Resource

win10-20220901-en

danabot systembc banker trojan

windows10-1703-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

type
loader

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

- Target
  
  2636d2eaa0e284a5e079b558af958ff94b5375893aa39ef55f4f55f7221e6d6e
- Size
  
  327KB
- MD5
  
  8d73778b1e919c68f023e8995a8aaee0
- SHA1
  
  b6ba513b4bf1830451aed41121ddf8b5e32ee01f
- SHA256
  
  2636d2eaa0e284a5e079b558af958ff94b5375893aa39ef55f4f55f7221e6d6e
- SHA512
  
  55d1de360d01ed559e44542254bc454d8d22e7b63f167265fb40d68c82c11c37f43e43d221ae76c841eaf736432ac87b63066056db91871289afb49b2598d999
- SSDEEP
  
  6144:0YEcLdiKSYgGFVQ2S9d4eWtGncS3Sbjfxur/tb:BhiKA2S9d3WtGnZSbjJurR
Score

10^/10

danabot systembc banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsystembcbankertrojan

© 2018-2024

Terms | Privacy