danabot | cd4b3dcebba5261c5409b00013fc7966805ab35ad2aad2f70ab0db20b5066e3e | Triage

Sharing

General

Target

cd4b3dcebba5261c5409b00013fc7966805ab35ad2aad2f70ab0db20b5066e3e
Size

6.0MB
Sample

221220-rtatlada9w
MD5

03ef1a23a812ee63c39ec21a9612ba64
SHA1

1a6f6ac01f1d1e9bd9ebbe2b09ea506bbaa55515
SHA256

cd4b3dcebba5261c5409b00013fc7966805ab35ad2aad2f70ab0db20b5066e3e
SHA512

8888101c6c551ac7301862054f3c4bfae2996b34ed2d0bf82fcf0d8208dd5af4604731b6089dffaedae40a4af54eeb1a727824325272e924bf0f58279c2ef6ae
SSDEEP

98304:iQYdMLfs7EtIxzqF77MBJ63Q4QlN1ZivjpMKmjVFVSPolF:XWEtMqh5jpMrFl

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

type
loader

Targets

- Target
  
  cd4b3dcebba5261c5409b00013fc7966805ab35ad2aad2f70ab0db20b5066e3e
- Size
  
  6.0MB
- MD5
  
  03ef1a23a812ee63c39ec21a9612ba64
- SHA1
  
  1a6f6ac01f1d1e9bd9ebbe2b09ea506bbaa55515
- SHA256
  
  cd4b3dcebba5261c5409b00013fc7966805ab35ad2aad2f70ab0db20b5066e3e
- SHA512
  
  8888101c6c551ac7301862054f3c4bfae2996b34ed2d0bf82fcf0d8208dd5af4604731b6089dffaedae40a4af54eeb1a727824325272e924bf0f58279c2ef6ae
- SSDEEP
  
  98304:iQYdMLfs7EtIxzqF77MBJ63Q4QlN1ZivjpMKmjVFVSPolF:XWEtMqh5jpMrFl
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan