danabot | 054658904a19e8864e90f1e125c92530d57a2d911dafa7fd97eb45d8856922db | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

054658904a19e8864e90f1e125c92530d57a2d911dafa7fd97eb45d8856922db
Size

1004KB
Sample

221218-1cj6dagg21
MD5

1a8e406d5c8ee2782bef58cedc387bca
SHA1

d8f8eb4a2245e0688d031f511a04c0d219f94356
SHA256

054658904a19e8864e90f1e125c92530d57a2d911dafa7fd97eb45d8856922db
SHA512

72f216529ec432d525e1843cfaf77f0109a37e429042d0f19ea2acd3ecacdd5728d8410de2c76c1e20b39ee060f693ad1827dce83f75deb043692d9d06b8b6a9
SSDEEP

24576:xIx3Z40aPvEYPgLOI8Z1R1ZEvyTA+7DPKMbUAbkznKYbXF:KJuvrg6I8dhA+3hUYkrJX

Score

10^/10

danabot banker collection discovery persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

054658904a19e8864e90f1e125c92530d57a2d911dafa7fd97eb45d8856922db.exe

Resource

win10v2004-20220812-en

danabot banker collection discovery persistence spyware stealer trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  054658904a19e8864e90f1e125c92530d57a2d911dafa7fd97eb45d8856922db
- Size
  
  1004KB
- MD5
  
  1a8e406d5c8ee2782bef58cedc387bca
- SHA1
  
  d8f8eb4a2245e0688d031f511a04c0d219f94356
- SHA256
  
  054658904a19e8864e90f1e125c92530d57a2d911dafa7fd97eb45d8856922db
- SHA512
  
  72f216529ec432d525e1843cfaf77f0109a37e429042d0f19ea2acd3ecacdd5728d8410de2c76c1e20b39ee060f693ad1827dce83f75deb043692d9d06b8b6a9
- SSDEEP
  
  24576:xIx3Z40aPvEYPgLOI8Z1R1ZEvyTA+7DPKMbUAbkznKYbXF:KJuvrg6I8dhA+3hUYkrJX
Score

10^/10

danabot banker collection discovery persistence spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankercollectiondiscoverypersistencespywarestealertrojan

© 2018-2024

Terms | Privacy