danabot | 2346e9b8dce669925fef36a5258ae2b3ea5840f21a94bff1999fb77212f04fc9 | Triage

Sharing

General

Target

2346e9b8dce669925fef36a5258ae2b3ea5840f21a94bff1999fb77212f04fc9
Size

3.6MB
Sample

221220-rv2zgadb3t
MD5

41fe97773c2e2d8600d771510f4c0d00
SHA1

642d9feb83d6afaa6b5f455f617914beedd67556
SHA256

2346e9b8dce669925fef36a5258ae2b3ea5840f21a94bff1999fb77212f04fc9
SHA512

bbc823c37970e45e05ad9a507416b70f21d75caab2420da04171846fef1f04b71c5ad41c9234f3ee9fd1965e48c80846d37ec70f8b0f965c52bf0160d12abb47
SSDEEP

49152:zjvWrU4VyUHA3iRYoySMbSsigAh14tKS2lw4I0LGAEfxQGV3O:3wU4VyUHpRYoESsigAly4

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes

embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
type
loader

Targets

- Target
  
  2346e9b8dce669925fef36a5258ae2b3ea5840f21a94bff1999fb77212f04fc9
- Size
  
  3.6MB
- MD5
  
  41fe97773c2e2d8600d771510f4c0d00
- SHA1
  
  642d9feb83d6afaa6b5f455f617914beedd67556
- SHA256
  
  2346e9b8dce669925fef36a5258ae2b3ea5840f21a94bff1999fb77212f04fc9
- SHA512
  
  bbc823c37970e45e05ad9a507416b70f21d75caab2420da04171846fef1f04b71c5ad41c9234f3ee9fd1965e48c80846d37ec70f8b0f965c52bf0160d12abb47
- SSDEEP
  
  49152:zjvWrU4VyUHA3iRYoySMbSsigAh14tKS2lw4I0LGAEfxQGV3O:3wU4VyUHpRYoESsigAly4
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan