danabot | 9f077c3d55151dab5897a8be129b14b8aa8f87fbd73376cdffd3873d6e7bd726 | Triage

Sharing

General

Target

9f077c3d55151dab5897a8be129b14b8aa8f87fbd73376cdffd3873d6e7bd726
Size

1.3MB
Sample

231102-qwbcgaee37
MD5

2bdc3163268f46ab50e8b5b45498aa42
SHA1

7750ddbc286c6c2de222846edaea92d08a348061
SHA256

9f077c3d55151dab5897a8be129b14b8aa8f87fbd73376cdffd3873d6e7bd726
SHA512

825736505d1dc0a68a8c6a840e11174b3572a39c5405c4daca1e5349462014b439e46a104af812f3499fe98cd2ba46dcd9c888aff513d4b1147cae5e6097a866
SSDEEP

24576:qcFXBjis24E0ykpDOxlEtesuSibHsVS+kVxTQPTBWcys:RD2JKtesQbHd++T2BWPs

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.236.161.79:443

192.236.146.39:443

37.220.31.27:443

Attributes

embedded_hash
7FF0AA10AB3BA961670646D23EAE3911
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  9f077c3d55151dab5897a8be129b14b8aa8f87fbd73376cdffd3873d6e7bd726
- Size
  
  1.3MB
- MD5
  
  2bdc3163268f46ab50e8b5b45498aa42
- SHA1
  
  7750ddbc286c6c2de222846edaea92d08a348061
- SHA256
  
  9f077c3d55151dab5897a8be129b14b8aa8f87fbd73376cdffd3873d6e7bd726
- SHA512
  
  825736505d1dc0a68a8c6a840e11174b3572a39c5405c4daca1e5349462014b439e46a104af812f3499fe98cd2ba46dcd9c888aff513d4b1147cae5e6097a866
- SSDEEP
  
  24576:qcFXBjis24E0ykpDOxlEtesuSibHsVS+kVxTQPTBWcys:RD2JKtesQbHd++T2BWPs
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabot4bankertrojan