danabot | baf04deceb528bfb0e9026ea59cc0e990d6fb801a543de52ae06adec8c25461d | Triage

Sharing

General

Target

baf04deceb528bfb0e9026ea59cc0e990d6fb801a543de52ae06adec8c25461d
Size

6.0MB
Sample

221220-rnhl9ahh55
MD5

89a5990fa68c0a5e6e37abfefa644a9e
SHA1

4117d473ae5cd47d6645ede338232ab7f1bd8cd1
SHA256

baf04deceb528bfb0e9026ea59cc0e990d6fb801a543de52ae06adec8c25461d
SHA512

e29d90b7e7f14b06c2378bc1547c8b26f6d9c009ddd4139527ff22fa3f3de11bc8388f0c6e1ca90f0f904d78b408acc03248a7ced4517681480ff480c9544966
SSDEEP

98304:6gneR9kp4C6i07BHQvWaUbNWQ4QlotB99GBRngd42LEeVSP4+V:6xq4C69pQxG7nOfl+

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

type
loader

Targets

- Target
  
  baf04deceb528bfb0e9026ea59cc0e990d6fb801a543de52ae06adec8c25461d
- Size
  
  6.0MB
- MD5
  
  89a5990fa68c0a5e6e37abfefa644a9e
- SHA1
  
  4117d473ae5cd47d6645ede338232ab7f1bd8cd1
- SHA256
  
  baf04deceb528bfb0e9026ea59cc0e990d6fb801a543de52ae06adec8c25461d
- SHA512
  
  e29d90b7e7f14b06c2378bc1547c8b26f6d9c009ddd4139527ff22fa3f3de11bc8388f0c6e1ca90f0f904d78b408acc03248a7ced4517681480ff480c9544966
- SSDEEP
  
  98304:6gneR9kp4C6i07BHQvWaUbNWQ4QlotB99GBRngd42LEeVSP4+V:6xq4C69pQxG7nOfl+
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan