danabot | 5cec463831baf21fcd3bc62b8f4c80c73505babae3a3cb7a7eefe44caf1afb29 | Triage

Submit
Reports

Overview

overview

Static

static

3

f484bbcf4f...18.exe

windows7-x64

f484bbcf4f...18.exe

windows10-2004-x64

Sharing

General

Target

f484bbcf4f5f6da276f0d13c26660aad_JaffaCakes118
Size

1.0MB
Sample

240416-2y5jwaeh78
MD5

f484bbcf4f5f6da276f0d13c26660aad
SHA1

924d37f0b511e446d019a46a2d4af7eb102d9c5c
SHA256

5cec463831baf21fcd3bc62b8f4c80c73505babae3a3cb7a7eefe44caf1afb29
SHA512

8808abb3f11cb3f95bd0f9d74c23d72e033815090bc62ee394daee363abccb721a6bd1fd4d27ace77964029e33120e01bd4c623bc190ce442653f0a656f12fa4
SSDEEP

24576:9tvq8otGWq3tXYQi0By8+kKZ6Vklj6EK/Lg9w3n59X:9tvq8otqtXrJyJWVC+jgeXX

Score

10^/10

danabot 5 banker trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f484bbcf4f5f6da276f0d13c26660aad_JaffaCakes118.exe

Resource

win7-20240221-en

danabot 5 banker trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

f484bbcf4f5f6da276f0d13c26660aad_JaffaCakes118.exe

Resource

win10v2004-20240412-en

danabot 5 banker trojan

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Botnet

5

C2

192.210.222.81:443

23.229.29.48:443

5.9.224.204:443

192.255.166.212:443

Attributes

embedded_hash
100700D372965A717E89B8C909E1D8D4
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  f484bbcf4f5f6da276f0d13c26660aad_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  f484bbcf4f5f6da276f0d13c26660aad
- SHA1
  
  924d37f0b511e446d019a46a2d4af7eb102d9c5c
- SHA256
  
  5cec463831baf21fcd3bc62b8f4c80c73505babae3a3cb7a7eefe44caf1afb29
- SHA512
  
  8808abb3f11cb3f95bd0f9d74c23d72e033815090bc62ee394daee363abccb721a6bd1fd4d27ace77964029e33120e01bd4c623bc190ce442653f0a656f12fa4
- SSDEEP
  
  24576:9tvq8otGWq3tXYQi0By8+kKZ6Vklj6EK/Lg9w3n59X:9tvq8otqtXrJyJWVC+jgeXX
Score

10^/10

danabot 5 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot5bankertrojan

behavioral2

danabot5bankertrojan

© 2018-2024

Terms | Privacy