danabot | 0f8d2648166184bde6562f33b7e4b620313fe7a21746720d37594213fba7a604 | Triage

Sharing

General

Target

a244a3b64b61f329489bb5d283bda840_NeikiAnalytics.exe
Size

1.1MB
Sample

240614-e4nf8avfkc
MD5

a244a3b64b61f329489bb5d283bda840
SHA1

30cdd35ea5e3eeb0502a641bef81b9db71762230
SHA256

0f8d2648166184bde6562f33b7e4b620313fe7a21746720d37594213fba7a604
SHA512

293fa4bd0a3b86552d25ca864b0e5f6abb9c43e5d64bea5b694197ba375d74edeb0c27215fd4939dbf04d9b0805d8d7d2cf80f822539bc3772be3becd9c0c417
SSDEEP

12288:cpKrcz9GQmikzLgiaYb0ZPzxwbwgyScsWMifc0FrdbH7+esjQajwROmBVe3Rac26:UAcz9EikngXP6NB8cyz73OH6k86

Score

10^/10

danabot 5 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

5

C2

23.254.133.7:443

185.62.58.85:443

213.227.155.102:443

192.236.146.173:443

Attributes

embedded_hash
63B180866F08EFD2B286E54429F1D1E4
type
loader

Targets

- Target
  
  a244a3b64b61f329489bb5d283bda840_NeikiAnalytics.exe
- Size
  
  1.1MB
- MD5
  
  a244a3b64b61f329489bb5d283bda840
- SHA1
  
  30cdd35ea5e3eeb0502a641bef81b9db71762230
- SHA256
  
  0f8d2648166184bde6562f33b7e4b620313fe7a21746720d37594213fba7a604
- SHA512
  
  293fa4bd0a3b86552d25ca864b0e5f6abb9c43e5d64bea5b694197ba375d74edeb0c27215fd4939dbf04d9b0805d8d7d2cf80f822539bc3772be3becd9c0c417
- SSDEEP
  
  12288:cpKrcz9GQmikzLgiaYb0ZPzxwbwgyScsWMifc0FrdbH7+esjQajwROmBVe3Rac26:UAcz9EikngXP6NB8cyz73OH6k86
Score

10^/10

danabot 5 banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabot5bankertrojan

behavioral2

danabot5bankertrojan