danabot | 7e93386b0f4aee6ba5dba9b29ebbf2926c99a83ff57e4f7719d652e2b0ba301f | Triage

Sharing

General

Target

f9e0642b0e36d83c2c58953619e6f4c5_JaffaCakes118
Size

1.3MB
Sample

240419-j1kndadd7v
MD5

f9e0642b0e36d83c2c58953619e6f4c5
SHA1

b00c21cc5e56f77472313ea1017d0db97f1e5c86
SHA256

7e93386b0f4aee6ba5dba9b29ebbf2926c99a83ff57e4f7719d652e2b0ba301f
SHA512

25675403947478631855fb9008f1f9234843f3bdfaab816570dfe10549d22651a2b0a1c408ff6094db062cf3272bdf0cd6d14ff91099fc36bf9bab708001c104
SSDEEP

24576:1ncFd4/jGahKXNsix1g9zbu8e/3FiE+TCzgcAw:SEs+buX7+TNZ

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.192.232:443

192.119.110.73:443

142.11.242.31:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  f9e0642b0e36d83c2c58953619e6f4c5_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  f9e0642b0e36d83c2c58953619e6f4c5
- SHA1
  
  b00c21cc5e56f77472313ea1017d0db97f1e5c86
- SHA256
  
  7e93386b0f4aee6ba5dba9b29ebbf2926c99a83ff57e4f7719d652e2b0ba301f
- SHA512
  
  25675403947478631855fb9008f1f9234843f3bdfaab816570dfe10549d22651a2b0a1c408ff6094db062cf3272bdf0cd6d14ff91099fc36bf9bab708001c104
- SSDEEP
  
  24576:1ncFd4/jGahKXNsix1g9zbu8e/3FiE+TCzgcAw:SEs+buX7+TNZ
Score

10^/10

danabot 4 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot4bankertrojan

behavioral2

danabot4bankertrojan