danabot | 5b18b1a015f97f0a10588dc878decc6ce3647775a72fba603faa634991e344a7 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

5b18b1a015f97f0a10588dc878decc6ce3647775a72fba603faa634991e344a7
Size

1.1MB
Sample

221220-v3eexsae29
MD5

bc20d690de78a10ef14a6bdcaa1c1005
SHA1

5db5e26825af57337387bd4d87217133e024d397
SHA256

5b18b1a015f97f0a10588dc878decc6ce3647775a72fba603faa634991e344a7
SHA512

a5dba857447d194035f76c6cd1ce4cc334b620552e033988121aa938c5fb964f8cd0227940505ed310b95e688f22f486f62e4468c36b0bad921b79c6ef230949
SSDEEP

24576:F7qpXq7PdV3kRMRKNZpgdmCCr020z4APZTNOwXBz9ka/s8A:kXSPT2MmZSdmCCr6zhP9NOwX5/0

Score

10^/10

danabot banker discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

5b18b1a015f97f0a10588dc878decc6ce3647775a72fba603faa634991e344a7.exe

Resource

win10-20220812-en

danabot banker discovery persistence trojan

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  5b18b1a015f97f0a10588dc878decc6ce3647775a72fba603faa634991e344a7
- Size
  
  1.1MB
- MD5
  
  bc20d690de78a10ef14a6bdcaa1c1005
- SHA1
  
  5db5e26825af57337387bd4d87217133e024d397
- SHA256
  
  5b18b1a015f97f0a10588dc878decc6ce3647775a72fba603faa634991e344a7
- SHA512
  
  a5dba857447d194035f76c6cd1ce4cc334b620552e033988121aa938c5fb964f8cd0227940505ed310b95e688f22f486f62e4468c36b0bad921b79c6ef230949
- SSDEEP
  
  24576:F7qpXq7PdV3kRMRKNZpgdmCCr020z4APZTNOwXBz9ka/s8A:kXSPT2MmZSdmCCr6zhP9NOwX5/0
Score

10^/10

danabot banker discovery persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankerdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy