danabot | d6231724308836e66c5fa21009af32cf671caee48643514f34711551f01f3f96 | Triage

Sharing

General

Target

b2d6e376b0a35492cf9cf81f89d7dccf_JaffaCakes118
Size

1.2MB
Sample

240821-kt5kmstckl
MD5

b2d6e376b0a35492cf9cf81f89d7dccf
SHA1

41aba57098eb52c142580052be122baf11b3da6a
SHA256

d6231724308836e66c5fa21009af32cf671caee48643514f34711551f01f3f96
SHA512

949708e941775ccd6e49047b78f5d072769ea507bcc1002c79e6d8dbc57bc7525f9396f2a6a66c7f98e4a726d653be2b22e314d965e8eb8871bd7919d19d1494
SSDEEP

24576:m/LwxtQDWsO9jw/ly2pM2DgfbQ0/HFtZDqsd33hL36L:m/ZDAjw/lxmYgzQ0/HFtFl3c

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.192.232:443

192.119.110.73:443

142.11.242.31:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  b2d6e376b0a35492cf9cf81f89d7dccf_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  b2d6e376b0a35492cf9cf81f89d7dccf
- SHA1
  
  41aba57098eb52c142580052be122baf11b3da6a
- SHA256
  
  d6231724308836e66c5fa21009af32cf671caee48643514f34711551f01f3f96
- SHA512
  
  949708e941775ccd6e49047b78f5d072769ea507bcc1002c79e6d8dbc57bc7525f9396f2a6a66c7f98e4a726d653be2b22e314d965e8eb8871bd7919d19d1494
- SSDEEP
  
  24576:m/LwxtQDWsO9jw/ly2pM2DgfbQ0/HFtZDqsd33hL36L:m/ZDAjw/lxmYgzQ0/HFtFl3c
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan