danabot | ce4234cebbaf5ad991b4e09bfcafbd80d772bbe8b88d3680e839e8280b29ec13 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

ce4234cebbaf5ad991b4e09bfcafbd80d772bbe8b88d3680e839e8280b29ec13
Size

1.1MB
Sample

221221-d2mlgaef6w
MD5

4f8f0cab806928b5c4985da540a0040e
SHA1

ab7d7eef9e748e0fb0dae857dfb9e730b745fbfd
SHA256

ce4234cebbaf5ad991b4e09bfcafbd80d772bbe8b88d3680e839e8280b29ec13
SHA512

959b03e140c2af071841ba96dc9e194d78f31be019cb1f5909695bcca6fc110e0dab4047f3cc87cd17fc96834b51254e2dd9eef83e7ff696b6e3be9b60c10d7b
SSDEEP

24576:gaU4S7wNNaWFh8epb3pBe9F1xYbaoIIjX/TjV:gaU4aWzxbAF1waoIuXrjV

Score

10^/10

danabot banker discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

ce4234cebbaf5ad991b4e09bfcafbd80d772bbe8b88d3680e839e8280b29ec13.exe

Resource

win10-20220812-en

danabot banker discovery persistence trojan

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  ce4234cebbaf5ad991b4e09bfcafbd80d772bbe8b88d3680e839e8280b29ec13
- Size
  
  1.1MB
- MD5
  
  4f8f0cab806928b5c4985da540a0040e
- SHA1
  
  ab7d7eef9e748e0fb0dae857dfb9e730b745fbfd
- SHA256
  
  ce4234cebbaf5ad991b4e09bfcafbd80d772bbe8b88d3680e839e8280b29ec13
- SHA512
  
  959b03e140c2af071841ba96dc9e194d78f31be019cb1f5909695bcca6fc110e0dab4047f3cc87cd17fc96834b51254e2dd9eef83e7ff696b6e3be9b60c10d7b
- SSDEEP
  
  24576:gaU4S7wNNaWFh8epb3pBe9F1xYbaoIIjX/TjV:gaU4aWzxbAF1waoIuXrjV
Score

10^/10

danabot banker discovery persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotbankerdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy