danabot | fbbad9835d32b699f854725a673e9c10f08ed80a9a86315c48848e5f71f75333 | Triage

Sharing

General

Target

fbbad9835d32b699f854725a673e9c10f08ed80a9a86315c48848e5f71f75333
Size

5.7MB
Sample

230129-wca59afh58
MD5

aa9d7e5a4fe508da0621bf68e5a787b3
SHA1

c15476e58342ab61220b897fd10927fef3e7baeb
SHA256

fbbad9835d32b699f854725a673e9c10f08ed80a9a86315c48848e5f71f75333
SHA512

8675dd864917f0986cef225457ed07b762ce33e4ccd7b0f2b7885cd1c8963909c4b61fd034e15b6d8423ff3aaa76723a7501b925587d6e22f92ded2fee606b04
SSDEEP

98304:OwhBII9ysDtJR1R1xHSd1py4uecNphPIQTRTFCO/RIr:OwhcsDtJJHK1py4ulI6doeur

Score

10^/10

danabot 3 banker discovery spyware stealer trojan

Malware Config

Extracted

Family

danabot

Version

1765

Botnet

3

C2

192.236.146.203:443

192.3.26.98:443

192.236.162.42:443

192.161.48.5:443

Attributes

embedded_hash
B2585F6479280F48B64C99F950BBF36D
type
main

rsa_pubkey.plain

rsa_pubkey.plain

Targets

- Target
  
  fbbad9835d32b699f854725a673e9c10f08ed80a9a86315c48848e5f71f75333
- Size
  
  5.7MB
- MD5
  
  aa9d7e5a4fe508da0621bf68e5a787b3
- SHA1
  
  c15476e58342ab61220b897fd10927fef3e7baeb
- SHA256
  
  fbbad9835d32b699f854725a673e9c10f08ed80a9a86315c48848e5f71f75333
- SHA512
  
  8675dd864917f0986cef225457ed07b762ce33e4ccd7b0f2b7885cd1c8963909c4b61fd034e15b6d8423ff3aaa76723a7501b925587d6e22f92ded2fee606b04
- SSDEEP
  
  98304:OwhBII9ysDtJR1R1xHSd1py4uecNphPIQTRTFCO/RIr:OwhcsDtJJHK1py4ulI6doeur
Score

10^/10

danabot 3 banker discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot3bankerdiscoveryspywarestealertrojan

behavioral2

danabot3bankerdiscoveryspywarestealertrojan