Overview

overview

10

Static

static

59373e55e8...95.dll

windows7-x64

10

59373e55e8...95.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    59373e55e84ab54d72a9055139cdd5f616cf20d675c80a6f43d0187e90708e95

  • Size

    2.4MB

  • Sample

    221220-rvz5wadb21

  • MD5

    9063f431865e37cebc4787654a00d422

  • SHA1

    28c42d6109dfd329580aa36e7c75a8053523ee8a

  • SHA256

    59373e55e84ab54d72a9055139cdd5f616cf20d675c80a6f43d0187e90708e95

  • SHA512

    4f276fcecbcec0cca1a6addfee3493a38038157cf1c4e176c766aaae9b758cd6010b1de5930077e14635762dcd1502602456797789c6e1fb337c1d76e454dc42

  • SSDEEP

    49152:zrqVHNsAsWe8AdaSTBfA3XGGuGqTN8LxZ:zaPenfA32h8Lz

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443
Attributes
  • embedded_hash

    92B83759E82A7F5FC8470055A5CEDCDB

  • type

    loader

Targets

    • Target

      59373e55e84ab54d72a9055139cdd5f616cf20d675c80a6f43d0187e90708e95

    • Size

      2.4MB

    • MD5

      9063f431865e37cebc4787654a00d422

    • SHA1

      28c42d6109dfd329580aa36e7c75a8053523ee8a

    • SHA256

      59373e55e84ab54d72a9055139cdd5f616cf20d675c80a6f43d0187e90708e95

    • SHA512

      4f276fcecbcec0cca1a6addfee3493a38038157cf1c4e176c766aaae9b758cd6010b1de5930077e14635762dcd1502602456797789c6e1fb337c1d76e454dc42

    • SSDEEP

      49152:zrqVHNsAsWe8AdaSTBfA3XGGuGqTN8LxZ:zaPenfA32h8Lz

    Score
    10/10
    danabotbankertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks