danabot | f2002b07697cf5a670efdfaf364ba09334dd3fb60bb9a55ae928e51e94538978 | Triage

Submit
Reports

Overview

overview

Static

static

f2002b0769...78.dll

windows7-x64

f2002b0769...78.dll

windows10-2004-x64

Sharing

General

Target

f2002b07697cf5a670efdfaf364ba09334dd3fb60bb9a55ae928e51e94538978
Size

1.3MB
Sample

230828-la7rbscd91
MD5

10cedc8be56212c791fcda5d7f380493
SHA1

692821788a7b3ce196a527707b0a07e4db592802
SHA256

f2002b07697cf5a670efdfaf364ba09334dd3fb60bb9a55ae928e51e94538978
SHA512

911ee091c0b33d57fd24f13c9cc7e553d6a61433e3ccff8f204a20481c38c56bce2e72a4e05632595349928f402956fa254532b043eb31a4bd36606b5bf41b0c
SSDEEP

24576:EncFdn7rbCc1XupdscfiyWj16Y2dZ5+dxjw2oDT1h:bne6x56xG07T

Score

10^/10

danabot 4 banker trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f2002b07697cf5a670efdfaf364ba09334dd3fb60bb9a55ae928e51e94538978.dll

Resource

win7-20230712-en

danabot 4 banker trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

f2002b07697cf5a670efdfaf364ba09334dd3fb60bb9a55ae928e51e94538978.dll

Resource

win10v2004-20230703-en

danabot 4 banker trojan

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.254.144.209:443

192.236.194.86:443

142.11.192.232:443

Attributes

embedded_hash
0E1A7A1479C37094441FA911262B322A
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  f2002b07697cf5a670efdfaf364ba09334dd3fb60bb9a55ae928e51e94538978
- Size
  
  1.3MB
- MD5
  
  10cedc8be56212c791fcda5d7f380493
- SHA1
  
  692821788a7b3ce196a527707b0a07e4db592802
- SHA256
  
  f2002b07697cf5a670efdfaf364ba09334dd3fb60bb9a55ae928e51e94538978
- SHA512
  
  911ee091c0b33d57fd24f13c9cc7e553d6a61433e3ccff8f204a20481c38c56bce2e72a4e05632595349928f402956fa254532b043eb31a4bd36606b5bf41b0c
- SSDEEP
  
  24576:EncFdn7rbCc1XupdscfiyWj16Y2dZ5+dxjw2oDT1h:bne6x56xG07T
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabot4bankertrojan

© 2018-2024

Terms | Privacy