danabot | 853ece062f75bc68b24c5ee05093b3c344787fbbeba3006146e1b1186738dabb | Triage

Sharing

General

Target

822ad0916ed57b9f8e4a9610aabb56e2
Size

1.2MB
Sample

240130-l75y1afbgr
MD5

822ad0916ed57b9f8e4a9610aabb56e2
SHA1

1d662a74d9ea2467ee66c29f3b000134527a4d4d
SHA256

853ece062f75bc68b24c5ee05093b3c344787fbbeba3006146e1b1186738dabb
SHA512

dee71882ee4bab4b9a4c3ed203dec4a8078ea381b8afca0374b19fb5bbd4f3d360c493919041db3822f401b1022688d8a71f870a7aee0247dda83802ea6393bd
SSDEEP

24576:e6VU2jJSKjdbfHtHzIhtIwzPIiFTOvYiKAT1X6t+cGwmKNy:/vGtIMavhZm6uy

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes

embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  822ad0916ed57b9f8e4a9610aabb56e2
- Size
  
  1.2MB
- MD5
  
  822ad0916ed57b9f8e4a9610aabb56e2
- SHA1
  
  1d662a74d9ea2467ee66c29f3b000134527a4d4d
- SHA256
  
  853ece062f75bc68b24c5ee05093b3c344787fbbeba3006146e1b1186738dabb
- SHA512
  
  dee71882ee4bab4b9a4c3ed203dec4a8078ea381b8afca0374b19fb5bbd4f3d360c493919041db3822f401b1022688d8a71f870a7aee0247dda83802ea6393bd
- SSDEEP
  
  24576:e6VU2jJSKjdbfHtHzIhtIwzPIiFTOvYiKAT1X6t+cGwmKNy:/vGtIMavhZm6uy
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabot4bankertrojan