danabot | 2346e9b8dce669925fef36a5258ae2b3ea5840f21a94bff1999fb77212f04fc9 | Triage

Sharing

General

Target

2346e9b8dce669925fef36a5258ae2b3ea5840f21a94bff1999fb77212f04fc9
Size

3.6MB
Sample

221220-rv2zgadb3t
MD5

41fe97773c2e2d8600d771510f4c0d00
SHA1

642d9feb83d6afaa6b5f455f617914beedd67556
SHA256

2346e9b8dce669925fef36a5258ae2b3ea5840f21a94bff1999fb77212f04fc9
SHA512

bbc823c37970e45e05ad9a507416b70f21d75caab2420da04171846fef1f04b71c5ad41c9234f3ee9fd1965e48c80846d37ec70f8b0f965c52bf0160d12abb47
SSDEEP

49152:zjvWrU4VyUHA3iRYoySMbSsigAh14tKS2lw4I0LGAEfxQGV3O:3wU4VyUHpRYoESsigAly4

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes

embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
type
loader

Targets

- Target
  
  2346e9b8dce669925fef36a5258ae2b3ea5840f21a94bff1999fb77212f04fc9
- Size
  
  3.6MB
- MD5
  
  41fe97773c2e2d8600d771510f4c0d00
- SHA1
  
  642d9feb83d6afaa6b5f455f617914beedd67556
- SHA256
  
  2346e9b8dce669925fef36a5258ae2b3ea5840f21a94bff1999fb77212f04fc9
- SHA512
  
  bbc823c37970e45e05ad9a507416b70f21d75caab2420da04171846fef1f04b71c5ad41c9234f3ee9fd1965e48c80846d37ec70f8b0f965c52bf0160d12abb47
- SSDEEP
  
  49152:zjvWrU4VyUHA3iRYoySMbSsigAh14tKS2lw4I0LGAEfxQGV3O:3wU4VyUHpRYoESsigAly4
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan