danabot | feb51227aff66478f678e970927968a5548d51d585519c9954f9ceb7e0807e30 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

feb51227aff66478f678e970927968a5548d51d585519c9954f9ceb7e0807e30
Size

214KB
Sample

221218-rvlx9afb7y
MD5

5844764fbdf79a7c7fc86c4138a1107a
SHA1

57c0741944242e9b7db789231b18cef291c527ae
SHA256

feb51227aff66478f678e970927968a5548d51d585519c9954f9ceb7e0807e30
SHA512

2336b0c2509a5dec0ca563324995ea4fcb6bc3a44c30179bf4dc324bfb76124329fd91c520f9c2c419bd7921e4f8e4365e243e8efdabc4028e93089507c45351
SSDEEP

3072:wm+H3LBDtR8izIJvUirgENfkxayg3uhRJ0sCLEHHOil3lk025PH:LWLRgJdgOMxaL+HrHjlVklPH

Score

10^/10

danabot banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

feb51227aff66478f678e970927968a5548d51d585519c9954f9ceb7e0807e30.exe

Resource

win10-20220812-en

danabot banker trojan

windows10-1703-x64

20 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes

embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
type
loader

Targets

- Target
  
  feb51227aff66478f678e970927968a5548d51d585519c9954f9ceb7e0807e30
- Size
  
  214KB
- MD5
  
  5844764fbdf79a7c7fc86c4138a1107a
- SHA1
  
  57c0741944242e9b7db789231b18cef291c527ae
- SHA256
  
  feb51227aff66478f678e970927968a5548d51d585519c9954f9ceb7e0807e30
- SHA512
  
  2336b0c2509a5dec0ca563324995ea4fcb6bc3a44c30179bf4dc324bfb76124329fd91c520f9c2c419bd7921e4f8e4365e243e8efdabc4028e93089507c45351
- SSDEEP
  
  3072:wm+H3LBDtR8izIJvUirgENfkxayg3uhRJ0sCLEHHOil3lk025PH:LWLRgJdgOMxaL+HrHjlVklPH
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan

© 2018-2024

Terms | Privacy