danabot | 682e38c55e2fa172c34275cc14523e9f9e8910e36fd15664d3bcf2e177df13bf | Triage

Sharing

General

Target

aecf5ef859f5831d6c8213a4a3d2ca44
Size

1.3MB
Sample

240229-sh6bsscf5x
MD5

aecf5ef859f5831d6c8213a4a3d2ca44
SHA1

d515fd45841765ab919b1ca4269decc4e8691e1e
SHA256

682e38c55e2fa172c34275cc14523e9f9e8910e36fd15664d3bcf2e177df13bf
SHA512

a23c8a1f30cb98b5d5bae7b0a5a2c1d8a9b91c6f5b946ce51c4203699b38f72cb2f22afee0b537492309203142ff30b683a4453c63e7e7feeb30bbd8625d6234
SSDEEP

24576:RcF2ddLBEH/yuGeb3+yPbduheDDx0OJ1wTPWi+D:SQ3yhugDcTu5D

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

104.168.148.6:443

5.9.224.204:443

192.210.222.81:443

23.229.29.48:443

Attributes

embedded_hash
0E1A7A1479C37094441FA911262B322A
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  aecf5ef859f5831d6c8213a4a3d2ca44
- Size
  
  1.3MB
- MD5
  
  aecf5ef859f5831d6c8213a4a3d2ca44
- SHA1
  
  d515fd45841765ab919b1ca4269decc4e8691e1e
- SHA256
  
  682e38c55e2fa172c34275cc14523e9f9e8910e36fd15664d3bcf2e177df13bf
- SHA512
  
  a23c8a1f30cb98b5d5bae7b0a5a2c1d8a9b91c6f5b946ce51c4203699b38f72cb2f22afee0b537492309203142ff30b683a4453c63e7e7feeb30bbd8625d6234
- SSDEEP
  
  24576:RcF2ddLBEH/yuGeb3+yPbduheDDx0OJ1wTPWi+D:SQ3yhugDcTu5D
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabot4bankertrojan