danabot | ff877b5f0373267f1b02e1f897161c1ff8b700eb51af62258256e94f22210cf9 | Triage

Submit
Reports

Overview

overview

Static

static

08a5c87ab1...b7.exe

windows7-x64

08a5c87ab1...b7.exe

windows10-2004-x64

8

Sharing

General

Target

08a5c87ab1ea14d269adfc5ae54db174b3465d0a7d9ba590dd6606091440b9b7
Size

974KB
Sample

221219-v9b85sfe94
MD5

40b7d1bc97b9d8f3008a23577a00fa90
SHA1

f3d6e2c0c144cd8773fd40ddd206ea9706af1ee6
SHA256

ff877b5f0373267f1b02e1f897161c1ff8b700eb51af62258256e94f22210cf9
SHA512

fcc5596d03ec7f58c61284b894e4cf57aca5f3f9d57329732506c103e4d106706eb95cd5d7c87616924c149f145b8479d4c586e2b5ffb3851f5547ba1e5a2c8a
SSDEEP

24576:a86BcaMH/mQ0NGCPZuLzbtOT9GIhgqgaqgZZC3M7I64Y:a8k/A/muCPAtSJmaqIZxN

Score

10^/10

danabot banker discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

08a5c87ab1ea14d269adfc5ae54db174b3465d0a7d9ba590dd6606091440b9b7.exe

Resource

win7-20220812-en

danabot banker discovery persistence trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

08a5c87ab1ea14d269adfc5ae54db174b3465d0a7d9ba590dd6606091440b9b7.exe

Resource

win10v2004-20221111-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  08a5c87ab1ea14d269adfc5ae54db174b3465d0a7d9ba590dd6606091440b9b7
- Size
  
  1.1MB
- MD5
  
  c9234f802b4fb9bcf16237d438fa86e6
- SHA1
  
  81b2eb0d8d06c0006929a3e0ebdaf6615aca1908
- SHA256
  
  08a5c87ab1ea14d269adfc5ae54db174b3465d0a7d9ba590dd6606091440b9b7
- SHA512
  
  8c018af20bad4de00125fe1cdbeb7b8bb059846b7b67c75d31cd12bb909b7f012517bb7d31641a2d7156cf3a9798cccd14dd542f5e2079bd0d47a29c96102bd3
- SSDEEP
  
  24576:VM6foBca4H/sQ0NG6LdS9tbtOTxGIraEgsKiZZK3QASvzK6r:jfe/k/su6LatMDcsKKZYSvzKM
Score

10^/10

danabot banker discovery persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankerdiscoverypersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy