danabot | 49d02f4531e1ebb55baa972e864007aed08a66b7ac774bddff09740ea032d76a | Triage

Sharing

General

Target

83a8566ee1e6ec8379827feecb6998f0_JaffaCakes118
Size

283KB
Sample

240809-1ksgqazhkj
MD5

83a8566ee1e6ec8379827feecb6998f0
SHA1

611085c13928e7cd5fd61ca4674a6a93f72ad9cd
SHA256

49d02f4531e1ebb55baa972e864007aed08a66b7ac774bddff09740ea032d76a
SHA512

5798b74b2d583e7a3b75bfe196b2e2336f8997d8663700aaf9b3321ed3e010696e56276d4c37940c839900cb7a0510811553848286a0ca30d01cd1f3b2093d11
SSDEEP

6144:mjkoRUNBPrzWez2nTND1FZamObdiMI1jDjRnY1ga:mdQB1z2TND/ZaZdiMIlDjeqa

Score

10^/10

danabot banker botnet discovery trojan

Malware Config

Extracted

Family

danabot

C2

149.28.180.182

178.209.51.211

194.25.251.32

60.188.203.101

150.4.101.118

240.76.254.6

72.83.147.19

159.89.40.32

242.219.180.36

12.11.98.168

rsa_pubkey.plain

Targets

- Target
  
  DHL__Rechunung__0410028402789110_050519.vbs
- Size
  
  1.5MB
- MD5
  
  97006e3717808b66068224c2eb5a7f96
- SHA1
  
  5275beeda8913200da233d246426f755e317c2e7
- SHA256
  
  bc1df223f55447fa64591fcfc70605dbce6de1bdccbe8eeaef1b514566d3c33a
- SHA512
  
  35e008d8dfefb0662ac0b010eba07c013604090f2033be12e1327cd48b34aaf7c77993b5a1294dba4a26ac8c91d8b5a40f80b6daaa1dc2561d4da7a07d251bdd
- SSDEEP
  
  3072:unrlwwQ7jd05xN3FH+JdpHiyXA6yQgd8ktGpkHlRUxL4HDDqIA5Zibwn4NoypNz5:yxtdZOJ1hkUti
Score

10^/10

danabot banker botnet discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankerbotnetdiscoverytrojan

behavioral2

danabotbankerbotnetdiscoverytrojan