danabot | 98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b | Triage

Sharing

General

Target

98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b
Size

213KB
Sample

221218-r78yjsfc5z
MD5

08ae7a1aa9f217f506a489468d0b7fd2
SHA1

537c5ce4a56125d0cba972f10107c7907b1f29d9
SHA256

98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b
SHA512

e63619b07be2ce94143663095187cfcc5921e8148e527380fa96df08d746ba45f09f1b75b92f7f0b8de8b2f42b9fe4767794cf944687eed37e2a81a7234a3548
SSDEEP

3072:EZgY11L5BBckRzOiMfWZ+QVfSjHs3GR6HSj9dPZg3uyuP+HOil3lk025PH:/EL7qkbZTSw3Yl56+OjlVklPH

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
type
loader

Targets

- Target
  
  98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b
- Size
  
  213KB
- MD5
  
  08ae7a1aa9f217f506a489468d0b7fd2
- SHA1
  
  537c5ce4a56125d0cba972f10107c7907b1f29d9
- SHA256
  
  98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b
- SHA512
  
  e63619b07be2ce94143663095187cfcc5921e8148e527380fa96df08d746ba45f09f1b75b92f7f0b8de8b2f42b9fe4767794cf944687eed37e2a81a7234a3548
- SSDEEP
  
  3072:EZgY11L5BBckRzOiMfWZ+QVfSjHs3GR6HSj9dPZg3uyuP+HOil3lk025PH:/EL7qkbZTSw3Yl56+OjlVklPH
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan