danabot

General

Target

20f0a82af38d2e14b714125999f1e9e6e5d2358ca1c47f28fee4ca947e66ef40
Size

940KB
Sample

240726-d6qhxsthkp
MD5

8b68871a6fb45ef20eccc596b0d4117c
SHA1

2d9c6884fb866f988cf5ba1210f305fde582eef2
SHA256

20f0a82af38d2e14b714125999f1e9e6e5d2358ca1c47f28fee4ca947e66ef40
SHA512

afc87c2bdf1546bb1a0065cf9019ff7e6bf8eaa1074e6b048cbbd39da47d5ecd4d960f569d4ed0b32acc840c763861fe8040287931f6d442708787c9492c3ce3
SSDEEP

24576:V9DC/q8OlMKyL1DA0z+evMgMt6bzjJgySeP/jzU:V92/MuL1Dfz+pgMt63iynP/fU

Score

10^/10

danabot 5 aspackv2 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

5

C2

23.254.217.192:443

192.236.146.173:443

23.254.133.7:443

185.62.58.85:443

Attributes

embedded_hash
3CCDCA270E94321B76E2E66C454CD541
type
loader

Targets

- Target
  
  a9b0b14c72cc984aced3f9494be42f0b45803d8fc816449c81ae774f4fd4970d.exe
- Size
  
  1.1MB
- MD5
  
  aee4097044780df89dc9f72c5272d1be
- SHA1
  
  116b730681b60b1e6ef9a61251fba364697c748f
- SHA256
  
  a9b0b14c72cc984aced3f9494be42f0b45803d8fc816449c81ae774f4fd4970d
- SHA512
  
  0d4a9eb495d2e66a52e7bd7e0753b480bb6823ba663efe4f47af988c0952dc1c0de3c1cb2c9670185897be6941c8f9a3ef6acb9459bb34c9be14781f1b579533
- SSDEEP
  
  24576:kfsR8o3JTx4kuyQnYmEopLYf/TZRIG5tbO3HQyTB/kAZYwF8:kc8o312kuyQnYmEIeRIG5t0HQk+Aq/
Score

10^/10

danabot 5 aspackv2 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blocklisted process makes network request

ASPack v2.12-2.42

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2