danabot | c7d9227cc6550ddba398fef4716d008d6391c701e84d12926e393f506b5a9b41 | Triage

Sharing

General

Target

b048cf76a36a041a196715ab6bc92ff5
Size

1.3MB
Sample

240301-en37qsce26
MD5

b048cf76a36a041a196715ab6bc92ff5
SHA1

bb831338d55eb9fb3ab39ae81a4d2f1215e4d534
SHA256

c7d9227cc6550ddba398fef4716d008d6391c701e84d12926e393f506b5a9b41
SHA512

cf8017a5c5a4444492144607caef1904ea4d75742a48d9a5d2c4648ffb46e65b078237370e90a07002d06cb264d08c03c16356477b672168a8d47aa61fc21c38
SSDEEP

24576:L8pWEmDXswcrLEEcQ1fObM5HqTgNmsBdLTWnrO:QtSzeTBdLTq

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes

embedded_hash
0E1A7A1479C37094441FA911262B322A
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  b048cf76a36a041a196715ab6bc92ff5
- Size
  
  1.3MB
- MD5
  
  b048cf76a36a041a196715ab6bc92ff5
- SHA1
  
  bb831338d55eb9fb3ab39ae81a4d2f1215e4d534
- SHA256
  
  c7d9227cc6550ddba398fef4716d008d6391c701e84d12926e393f506b5a9b41
- SHA512
  
  cf8017a5c5a4444492144607caef1904ea4d75742a48d9a5d2c4648ffb46e65b078237370e90a07002d06cb264d08c03c16356477b672168a8d47aa61fc21c38
- SSDEEP
  
  24576:L8pWEmDXswcrLEEcQ1fObM5HqTgNmsBdLTWnrO:QtSzeTBdLTq
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabot4bankertrojan