danabot

General

Target

5d970965b78013545a9c0d32eb10ee61_JaffaCakes118
Size

22.6MB
Sample

240520-g11y9afb66
MD5

5d970965b78013545a9c0d32eb10ee61
SHA1

29c055edc3c0de81add7741034f2aa8f038bc638
SHA256

50b32f4330ee0822a8010830064aaae8d58a32e556cf77e4dcb624e640ec2234
SHA512

a4a344f279c156edc1ed6d5c072962006ab84781f9ed5e3b718d94559c3fb6b6dcdf429020a1458528edd957334c718c7fe641117b5f50fad4a2d18ec5b723a5
SSDEEP

12288:/eEl4AjRZrrZTbM6mUnt9Ho3KzA4Gv19yMUq9Rrb8anAO4mrA6DKMjXcZkPSbP6D:3w

Score

10^/10

Malware Config

Extracted

Family

danabot

C2

181.63.44.194

207.148.83.108

45.77.40.71

87.115.138.169

24.229.48.7

116.111.206.27

45.196.143.203

218.65.3.199

131.59.110.186

113.81.97.96

rsa_pubkey.plain

Targets

- Target
  
  5d970965b78013545a9c0d32eb10ee61_JaffaCakes118
- Size
  
  22.6MB
- MD5
  
  5d970965b78013545a9c0d32eb10ee61
- SHA1
  
  29c055edc3c0de81add7741034f2aa8f038bc638
- SHA256
  
  50b32f4330ee0822a8010830064aaae8d58a32e556cf77e4dcb624e640ec2234
- SHA512
  
  a4a344f279c156edc1ed6d5c072962006ab84781f9ed5e3b718d94559c3fb6b6dcdf429020a1458528edd957334c718c7fe641117b5f50fad4a2d18ec5b723a5
- SSDEEP
  
  12288:/eEl4AjRZrrZTbM6mUnt9Ho3KzA4Gv19yMUq9Rrb8anAO4mrA6DKMjXcZkPSbP6D:3w
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Process spawned unexpected child process

Blocklisted process makes network request

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2