danabot | ed22e98376bbd3246bc760efe74ad89f8df86150863a54f468efc3ef1b403f0a | Triage

Sharing

General

Target

ed22e98376bbd3246bc760efe74ad89f8df86150863a54f468efc3ef1b403f0a
Size

1.3MB
Sample

231012-nx6hwsgc71
MD5

2ed30526d1aa3cb695be37f3a6c95538
SHA1

81d633709b02c26b67a8966435cc04ef02b86d5f
SHA256

ed22e98376bbd3246bc760efe74ad89f8df86150863a54f468efc3ef1b403f0a
SHA512

bc929daa8d3b0adc8f3144175a6e7bc977833b4012fe702b88db3051b209d112afacc5137b983ed3786ac0e3c263662edce530f2050ca3b9a2a7a8a989ee9886
SSDEEP

24576:e8pWEmpV0KhE9tAMM7+VS4b7wNeY2gAuUP1jlBT3:1DG4bqCu4rT

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.254.144.209:443

23.254.227.74:443

192.255.166.212:443

Attributes

embedded_hash
0E1A7A1479C37094441FA911262B322A
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  ed22e98376bbd3246bc760efe74ad89f8df86150863a54f468efc3ef1b403f0a
- Size
  
  1.3MB
- MD5
  
  2ed30526d1aa3cb695be37f3a6c95538
- SHA1
  
  81d633709b02c26b67a8966435cc04ef02b86d5f
- SHA256
  
  ed22e98376bbd3246bc760efe74ad89f8df86150863a54f468efc3ef1b403f0a
- SHA512
  
  bc929daa8d3b0adc8f3144175a6e7bc977833b4012fe702b88db3051b209d112afacc5137b983ed3786ac0e3c263662edce530f2050ca3b9a2a7a8a989ee9886
- SSDEEP
  
  24576:e8pWEmpV0KhE9tAMM7+VS4b7wNeY2gAuUP1jlBT3:1DG4bqCu4rT
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabot4bankertrojan