danabot | 1322ae78c8352abc316a3ec642f8acf7a0187d2796bfd67c53fd64722bdcba6d | Triage

Sharing

General

Target

7ef8cd0a29c3dfa39a5a98cf7c086ae9_JaffaCakes118
Size

1.2MB
Sample

240529-a4je2sbc71
MD5

7ef8cd0a29c3dfa39a5a98cf7c086ae9
SHA1

b6f558f6460c3fdd0029860e38a08eee31941c01
SHA256

1322ae78c8352abc316a3ec642f8acf7a0187d2796bfd67c53fd64722bdcba6d
SHA512

d8a8d6fc34003d726ccd16bc1dabde97d63bcb32d5714478b08c98d6237fa06cffeb79ce9c51c1e11e6a00e96fa0a6df90ced26f6e51a3ff70626d0f67704483
SSDEEP

24576:S8r6tuuWnigUAOJtWmEBMoBBX3muHJ1JD:+FlznPWmEaonX3pH

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

149.154.159.213

221.11.15.186

140.200.163.110

238.214.73.11

77.163.235.35

151.236.14.84

204.201.196.112

43.150.102.9

115.91.243.217

198.6.155.175

rsa_pubkey.plain

Targets

- Target
  
  7ef8cd0a29c3dfa39a5a98cf7c086ae9_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  7ef8cd0a29c3dfa39a5a98cf7c086ae9
- SHA1
  
  b6f558f6460c3fdd0029860e38a08eee31941c01
- SHA256
  
  1322ae78c8352abc316a3ec642f8acf7a0187d2796bfd67c53fd64722bdcba6d
- SHA512
  
  d8a8d6fc34003d726ccd16bc1dabde97d63bcb32d5714478b08c98d6237fa06cffeb79ce9c51c1e11e6a00e96fa0a6df90ced26f6e51a3ff70626d0f67704483
- SSDEEP
  
  24576:S8r6tuuWnigUAOJtWmEBMoBBX3muHJ1JD:+FlznPWmEaonX3pH
Score

10^/10

danabot banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankertrojan

behavioral2

danabotbankertrojan