danabot | c6b70d184339d61b7a42f0c189cadb0b22b3ebec18b194b7e5a334a9006d3aed | Triage

Sharing

General

Target

e59b006e2fffda4d0cc7d8c185cd2c19_JaffaCakes118
Size

1.3MB
Sample

240407-xczpaabf59
MD5

e59b006e2fffda4d0cc7d8c185cd2c19
SHA1

259e929ac08f2aea90ef45b5a28b3cf57a7ddc97
SHA256

c6b70d184339d61b7a42f0c189cadb0b22b3ebec18b194b7e5a334a9006d3aed
SHA512

1f9165146f80d3b01271708f5850528496c3b8ae8556d6eeb2dc8c04b4e969773bb16334f4087a8955913c2cbacf98c5c70010fd2e31ca7e7d56ba6ee5471d3d
SSDEEP

24576:L8pWEmDXswcrLEEcQ1fObM5HqTgNmsBdyTWnrO:QtSzeTBdyTq

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes

embedded_hash
0E1A7A1479C37094441FA911262B322A
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  e59b006e2fffda4d0cc7d8c185cd2c19_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  e59b006e2fffda4d0cc7d8c185cd2c19
- SHA1
  
  259e929ac08f2aea90ef45b5a28b3cf57a7ddc97
- SHA256
  
  c6b70d184339d61b7a42f0c189cadb0b22b3ebec18b194b7e5a334a9006d3aed
- SHA512
  
  1f9165146f80d3b01271708f5850528496c3b8ae8556d6eeb2dc8c04b4e969773bb16334f4087a8955913c2cbacf98c5c70010fd2e31ca7e7d56ba6ee5471d3d
- SSDEEP
  
  24576:L8pWEmDXswcrLEEcQ1fObM5HqTgNmsBdyTWnrO:QtSzeTBdyTq
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabot4bankertrojan