danabot | d876e1d5484e794c97573bb5e21ccd4cbb0d82abb2af83c2e4bb765caad8d43e | Triage

Submit
Reports

Overview

overview

Static

static

3

751f5e9792...b8.exe

windows7-x64

751f5e9792...b8.exe

windows10-2004-x64

Sharing

General

Target

751f5e9792c7dc915852167ef26bccb8
Size

1.2MB
Sample

240125-wacw3abhg4
MD5

751f5e9792c7dc915852167ef26bccb8
SHA1

309c133c89120b879224273967e1935f93bdd3ad
SHA256

d876e1d5484e794c97573bb5e21ccd4cbb0d82abb2af83c2e4bb765caad8d43e
SHA512

741b56f070d4cccfcb84da0ec5bacc87d43a236a5b565fa54781f5e11eccd5b70aae68002de9538db1ba6b216b750f8a340a0d490f1e6ac5433265a2cb5b37b5
SSDEEP

24576:tkd3TK2y6Rg1Z55FkU3XfUHwdluBdZVKP4D/OPsOpF:tKDy6Rg1BqOUGlWGP4DosOp

Score

10^/10

danabot kinsing 4 banker loader trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

751f5e9792c7dc915852167ef26bccb8.exe

Resource

win7-20231215-en

danabot 4 banker trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

751f5e9792c7dc915852167ef26bccb8.exe

Resource

win10v2004-20231215-en

danabot kinsing 4 banker loader trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes

embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  751f5e9792c7dc915852167ef26bccb8
- Size
  
  1.2MB
- MD5
  
  751f5e9792c7dc915852167ef26bccb8
- SHA1
  
  309c133c89120b879224273967e1935f93bdd3ad
- SHA256
  
  d876e1d5484e794c97573bb5e21ccd4cbb0d82abb2af83c2e4bb765caad8d43e
- SHA512
  
  741b56f070d4cccfcb84da0ec5bacc87d43a236a5b565fa54781f5e11eccd5b70aae68002de9538db1ba6b216b750f8a340a0d490f1e6ac5433265a2cb5b37b5
- SSDEEP
  
  24576:tkd3TK2y6Rg1Z55FkU3XfUHwdluBdZVKP4D/OPsOpF:tKDy6Rg1BqOUGlWGP4DosOp
Score

10^/10

danabot 4 banker trojan kinsing loader
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Kinsing
  Kinsing is a loader written in Golang.
  loader kinsing
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabotkinsing4bankerloadertrojan

© 2018-2024

Terms | Privacy