danabot | 323e603adf8bc36267e2a67844ede41626a05025d1199b6e4776924ee51ca011 | Triage

Sharing

General

Target

HEUR-Trojan.Win32.Injuke.pef-323e603adf8bc362.exe
Size

1.1MB
Sample

230604-bqnchsae99
MD5

73348daba269cf2fab1b11edf6691e34
SHA1

8a17b4885b4b57339b196bcdb0ed907156771cc3
SHA256

323e603adf8bc36267e2a67844ede41626a05025d1199b6e4776924ee51ca011
SHA512

a122b52e085448473ead0e6e3cd8d5fca79b9497ad50d1309581de3b545753e74a3c16d86476416b73fdcaea6471e449c16fcf3aba56340ae9c85db9df33182d
SSDEEP

24576:gv1pSscKQuC1LPUD9UiG6bhz1oF/gEp4toGVEuycKRHU9:d5v1L8BbPXoF/N4toLujK69

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.254.144.209:443

23.254.227.74:443

192.255.166.212:443

Attributes

embedded_hash
0E1A7A1479C37094441FA911262B322A
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  HEUR-Trojan.Win32.Injuke.pef-323e603adf8bc362.exe
- Size
  
  1.1MB
- MD5
  
  73348daba269cf2fab1b11edf6691e34
- SHA1
  
  8a17b4885b4b57339b196bcdb0ed907156771cc3
- SHA256
  
  323e603adf8bc36267e2a67844ede41626a05025d1199b6e4776924ee51ca011
- SHA512
  
  a122b52e085448473ead0e6e3cd8d5fca79b9497ad50d1309581de3b545753e74a3c16d86476416b73fdcaea6471e449c16fcf3aba56340ae9c85db9df33182d
- SSDEEP
  
  24576:gv1pSscKQuC1LPUD9UiG6bhz1oF/gEp4toGVEuycKRHU9:d5v1L8BbPXoF/N4toLujK69
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabot4bankertrojan