danabot | d73fba668845db5d6521d7eb9741f811fce9d79edf0a0e9c66a0a00b54c916fc | Triage

Submit
Reports

Overview

overview

Static

static

ab8b771194...8b.exe

windows7-x64

ab8b771194...8b.exe

windows10-2004-x64

Sharing

General

Target

ab8b77119439daf598b0f6b0801af58b
Size

2.9MB
Sample

240228-k9zz4agb36
MD5

ab8b77119439daf598b0f6b0801af58b
SHA1

1b619621c699dc509bb8aa0a3996b22cc9ee1321
SHA256

d73fba668845db5d6521d7eb9741f811fce9d79edf0a0e9c66a0a00b54c916fc
SHA512

7fbefb921d02253bf748b1da8c726855e5611186c3f2e574c88d5217e750be1a90ca469dc1e4f90ce3b7ef0817f0d6fcf5602f368241c88c9c20b0a0e91f4616
SSDEEP

49152:18CFrvu7i5NcFYbd1fLbHhuJfAkRJWqckw6TvU9lL:1PJ5NcO51fcJfAoWqeSylL

Score

10^/10

danabot 4 banker trojan

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

ab8b77119439daf598b0f6b0801af58b.exe

Resource

win7-20240221-en

danabot 4 banker trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

ab8b77119439daf598b0f6b0801af58b.exe

Resource

win10v2004-20240226-en

danabot 4 banker trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes

type
loader

Targets

- Target
  
  ab8b77119439daf598b0f6b0801af58b
- Size
  
  2.9MB
- MD5
  
  ab8b77119439daf598b0f6b0801af58b
- SHA1
  
  1b619621c699dc509bb8aa0a3996b22cc9ee1321
- SHA256
  
  d73fba668845db5d6521d7eb9741f811fce9d79edf0a0e9c66a0a00b54c916fc
- SHA512
  
  7fbefb921d02253bf748b1da8c726855e5611186c3f2e574c88d5217e750be1a90ca469dc1e4f90ce3b7ef0817f0d6fcf5602f368241c88c9c20b0a0e91f4616
- SSDEEP
  
  49152:18CFrvu7i5NcFYbd1fLbHhuJfAkRJWqckw6TvU9lL:1PJ5NcO51fcJfAoWqeSylL
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabot4bankertrojan

© 2018-2024

Terms | Privacy