danabot

General

Target

f70af025548df40e384bc4bac11d78f5_JaffaCakes118
Size

279KB
Sample

240418-ce4qsshc9s
MD5

f70af025548df40e384bc4bac11d78f5
SHA1

8339970fc6324ffa1486823e20d036ec03cd8f4f
SHA256

6c569d751bad1c483e441d11fddd7163682835c963834014bc22481a7abe1163
SHA512

58c3b847e6a795d87677af652e92d9d0d6eda96a66ba2dcc3296d64ee6f9f03f4ab92285cdc3d5a7531fc857bc3a334b8fe7f6db3ee233bd1880fe86cea03c77
SSDEEP

6144:EzmY9buUTnXQpisZuBuQO4jg4w/gI6yhwH8xzO1fFR4FOBTGQ:Ev3Tgpi62uQO4jqgAycx+t1Bd

Score

10^/10

Malware Config

Extracted

Family

danabot

C2

17.87.135.29

178.209.51.211

92.19.7.22

192.71.249.51

125.204.180.169

182.91.160.38

35.132.27.153

11.32.49.47

50.64.117.111

121.215.98.191

rsa_pubkey.plain

Targets

- Target
  
  DHL_06052019_00330134265324053041.vbs
- Size
  
  1.5MB
- MD5
  
  92ecf80bc725fa74181d95ac0838e868
- SHA1
  
  7f799efa6d6cb3cfe194d5ca6b046839bf5f2a14
- SHA256
  
  d0d6b5440599fb7f047c0f2c933f2291c308d8c755d03d50097d7509005898f0
- SHA512
  
  9e00078a0e70f5f7bf5042d9ca3639facc495e8337a05912b0c10ab0b9d6bc7efcd8fcde7f9a313f833f71593eadab642211403449558e0027d52695ef8754ce
- SSDEEP
  
  3072:bEBy+XzeuINWCVuvRNZ0/8eywuFgT1Nk0g4gvVuctC76l/ahL/rk1yuJaXXn/kd3:WUIPbDXs10xh
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Danabot x86 payload

Blocklisted process makes network request

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2