danabot | 081d7f5bb4494cfa0884dd71408f668406a997584fe42f7da652a50471646e94 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

081d7f5bb4494cfa0884dd71408f668406a997584fe42f7da652a50471646e94
Size

4.2MB
Sample

221217-ne3paabd9s
MD5

c6d8d381427edcdf21540c0793744363
SHA1

f219432c9b637b1f2f34db3a52812dab34f57a96
SHA256

081d7f5bb4494cfa0884dd71408f668406a997584fe42f7da652a50471646e94
SHA512

004fee959cde67e44363d9218b75abd08bb30d11f24c7edb287557e744632ee9a10db4266f3f88c96e7e47d7871ab562073ebb9d263f1fd8ce0d94f62b970106
SSDEEP

98304:/b/IVFOgzb0Rd1WE8DIAmv5KX9DiDa++czw1jN0qgfZY+y:/Oh5E8DIAmv5KXtl++czw5N0qMD

Score

10^/10

danabot banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

081d7f5bb4494cfa0884dd71408f668406a997584fe42f7da652a50471646e94.exe

Resource

win10v2004-20221111-en

danabot banker trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

type
loader

Targets

- Target
  
  081d7f5bb4494cfa0884dd71408f668406a997584fe42f7da652a50471646e94
- Size
  
  4.2MB
- MD5
  
  c6d8d381427edcdf21540c0793744363
- SHA1
  
  f219432c9b637b1f2f34db3a52812dab34f57a96
- SHA256
  
  081d7f5bb4494cfa0884dd71408f668406a997584fe42f7da652a50471646e94
- SHA512
  
  004fee959cde67e44363d9218b75abd08bb30d11f24c7edb287557e744632ee9a10db4266f3f88c96e7e47d7871ab562073ebb9d263f1fd8ce0d94f62b970106
- SSDEEP
  
  98304:/b/IVFOgzb0Rd1WE8DIAmv5KX9DiDa++czw1jN0qgfZY+y:/Oh5E8DIAmv5KXtl++czw5N0qMD
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan

© 2018-2025

Terms | Privacy