danabot | 670e3d3e99d2aca498fa520e4058c802bcc2600ebe31748e0b19cba0f4ae58b4 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Advanced_IP_Scanner (7).zip
Size

7.7MB
Sample

231122-gndm7abd2v
MD5

3b60a78b76acd2d94937877e1af14b52
SHA1

579b666c91109a8353a180edff1f35bf947a6b0c
SHA256

670e3d3e99d2aca498fa520e4058c802bcc2600ebe31748e0b19cba0f4ae58b4
SHA512

4b61d710f43cb0846f3a6d59a9aebf50804848fda96d3249f2d8f19ad8f133eecade0122725d526afc1838436a6acee301c2b00837740b34fc73f11280dccd10
SSDEEP

196608:MAPiwlxq4SezC31m1eqHpn9+Eq3PAqI2wxmm9:vPY4SK41m1ecpIhqn9

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
8D793CA6F2DD4E8AA30833BA9EA647D3
type
loader

Targets

- Target
  
  Advanced_IP_Scanner.exe
- Size
  
  5.5MB
- MD5
  
  537915708fe4e81e18e99d5104b353ed
- SHA1
  
  128ddb7096e5b748c72dc13f55b593d8d20aa3fb
- SHA256
  
  6dc7275f2143d1de0ca66c487b0f2ebff3d4c6a79684f03b9619bf23143ecf74
- SHA512
  
  9ceaaf7aa5889be9f5606646403133782d004b9d78ef83d7007dfce67c0f4f688d7931aebc74f1fc30aac2f1dd6281bdadfb52bc3ea46aca33b334adb4067ae2
- SSDEEP
  
  49152:ERUl697ngPTrho9J8kgdjbHNZ5PP/Re5m3mxVN6KEp0v7J7k66ZRkQTXw+sljVop:uAXqnhON8m3mzNHTdw6YSX+sleu5y
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  contactsUX.dll
- Size
  
  331KB
- MD5
  
  54ee6a204238313dc6aca21c7e036c17
- SHA1
  
  531fd1c18e2e4984c72334eb56af78a1048da6c7
- SHA256
  
  0abf68b8409046a1555d48ac506fd26fda4b29d8d61e07bc412a4e21de2782fd
- SHA512
  
  19a2e371712aab54b75059d39a9aea6e7de2eb69b3ffc0332e60df617ebb9de61571b2ca722cddb75c9cbc79f8200d03f73539f21f69366eae3c7641731c7820
- SSDEEP
  
  6144:zLU98dTLLPTtdO37tzHzjRzPSzHKBJupBzC8vAocIGhL99WP+gDjX5oOyOta3H/C:P9PLrtShzHzjRMcQpsSCTO2H/Kj
Score

3^/10
behavioral3 behavioral4
- Target
  
  msidcrl40.dll
- Size
  
  791KB
- MD5
  
  ef66829b99bbfc465b05dc7411b0dcfa
- SHA1
  
  c6f6275f92053b4b9fa8f2738ed3e84f45261503
- SHA256
  
  257e6489f5b733f2822f0689295a9f47873be3cec5f4a135cd847a2f2c82a575
- SHA512
  
  6839b7372e37e67c270a4225f91df21f856158a292849da2101c2978ce37cd08b75923ab30ca39d7360ce896fc6a2a2d646dd88eb2993cef612c43a475fdb2ea
- SSDEEP
  
  12288:2qjIhzdNvajtjz38HkZIbKnxPxlJsk7aMClZE:2qjIhzdNvkjGKP1I+
Score

3^/10
behavioral5 behavioral6
- Target
  
  msncore.dll
- Size
  
  991KB
- MD5
  
  345602a639102f099a4a269cfb0becc9
- SHA1
  
  6f6c334c25bb2f3a7e5cbf989f95124d79eb576c
- SHA256
  
  954671bdd5d66a94d4f86e7f727da2ab4195009b0132d079ae908cf6966d245b
- SHA512
  
  d7e0be63a6eb2afcab32466d82af5eb87beb2e5e989ef407c7058e2b010b361322343ec6800d351c61d893b69a71e3865f51e974dad076e6679bca8254d6a8cd
- SSDEEP
  
  12288:9I4v4jlJ3DBct3wTjlnkwMR8iE0IC+NwlSTLRVDRmot3kWg9/6WfK:93t3wVkwm89FC+NUSTVV9mot3kr6WfK
Score

3^/10
behavioral7 behavioral8
- Target
  
  msvcr80.dll
- Size
  
  612KB
- MD5
  
  43143abb001d4211fab627c136124a44
- SHA1
  
  edb99760ae04bfe68aaacf34eb0287a3c10ec885
- SHA256
  
  cb8928ff2faf2921b1eddc267dce1bb64e6fee4d15b68cd32588e0f3be116b03
- SHA512
  
  ced96ca5d1e2573dbf21875cf98a8fcb86b5bcdca4c041680a9cb87374378e04835f02ab569d5243608c68feb2e9b30ffe39feb598f5081261a57d1ce97556a6
- SSDEEP
  
  12288:mxzh9hH5RVKTp0G+vFhr46CI600yZmGyYG:mph9hHzVKOpt6MmGyY
Score

1^/10
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10