danabot

General

Target

2e50294022bae9ad9b8dbfc8d1b01b3a.bin
Size

940KB
Sample

240726-b7j2es1hre
MD5

664004450550124320a55715d9096774
SHA1

3651855f23442e9673d5cfca22887c8ccb64c39e
SHA256

32771c477d6a15c713ed7af118ab6e120103d3e524c713a0ce1dac889866f889
SHA512

d083d25b98d630cf2fe4fccb43ddb4e2b350f17693560d11555caed0dc51f14843a8c57c6b5addb67fe853e33d56cf6f87d27f3a3d7c24dd22cf4e86b8c1bd85
SSDEEP

24576:MQynZyUJN7cvAPVrd1ebRbIDixnxQ0cfrWO/pAa797C2V:MrjJlcvAPV5wxn105/pbJVV

Score

10^/10

danabot 5 aspackv2 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

5

C2

23.254.217.192:443

192.236.146.173:443

23.254.133.7:443

185.62.58.85:443

Attributes

embedded_hash
3CCDCA270E94321B76E2E66C454CD541
type
loader

Targets

- Target
  
  876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76.exe
- Size
  
  1.1MB
- MD5
  
  2e50294022bae9ad9b8dbfc8d1b01b3a
- SHA1
  
  e3a4505f86286b1512229df67420358a29d8f953
- SHA256
  
  876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76
- SHA512
  
  9441a1979a93f6b3b7dde697e11529b3e31ee14c370db1ecc3884393b78a1082453e2625758209bc066e0da622848d07d423719047c303b282e2f421b2863823
- SSDEEP
  
  24576:bLgcPCgLy06q0eHwkLQFI7UWE8QUNaToFVGPfN0:bsrgeoYyREwNaToFVGPO
Score

10^/10

danabot 5 aspackv2 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2