danabot

General

Target

a9b0b14c72cc984aced3f9494be42f0b45803d8fc816449c81ae774f4fd4970d.exe
Size

1.1MB
Sample

240725-frwgqszglj
MD5

aee4097044780df89dc9f72c5272d1be
SHA1

116b730681b60b1e6ef9a61251fba364697c748f
SHA256

a9b0b14c72cc984aced3f9494be42f0b45803d8fc816449c81ae774f4fd4970d
SHA512

0d4a9eb495d2e66a52e7bd7e0753b480bb6823ba663efe4f47af988c0952dc1c0de3c1cb2c9670185897be6941c8f9a3ef6acb9459bb34c9be14781f1b579533
SSDEEP

24576:kfsR8o3JTx4kuyQnYmEopLYf/TZRIG5tbO3HQyTB/kAZYwF8:kc8o312kuyQnYmEIeRIG5t0HQk+Aq/

Score

10^/10

danabot 5 aspackv2 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

5

C2

23.254.217.192:443

192.236.146.173:443

23.254.133.7:443

185.62.58.85:443

Attributes

embedded_hash
3CCDCA270E94321B76E2E66C454CD541
type
loader

Targets

- Target
  
  a9b0b14c72cc984aced3f9494be42f0b45803d8fc816449c81ae774f4fd4970d.exe
- Size
  
  1.1MB
- MD5
  
  aee4097044780df89dc9f72c5272d1be
- SHA1
  
  116b730681b60b1e6ef9a61251fba364697c748f
- SHA256
  
  a9b0b14c72cc984aced3f9494be42f0b45803d8fc816449c81ae774f4fd4970d
- SHA512
  
  0d4a9eb495d2e66a52e7bd7e0753b480bb6823ba663efe4f47af988c0952dc1c0de3c1cb2c9670185897be6941c8f9a3ef6acb9459bb34c9be14781f1b579533
- SSDEEP
  
  24576:kfsR8o3JTx4kuyQnYmEopLYf/TZRIG5tbO3HQyTB/kAZYwF8:kc8o312kuyQnYmEIeRIG5t0HQk+Aq/
Score

10^/10

danabot 5 aspackv2 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2