danabot | 37c4d575931b89f43e388765dc5fc1554e9d8c8a03e1ea07a0a574973d5f900e | Triage

Sharing

General

Target

bf6d4d944a5f82ea6d93f6340f2a7e2e_JaffaCakes118
Size

200KB
Sample

240824-z3y7js1hmq
MD5

bf6d4d944a5f82ea6d93f6340f2a7e2e
SHA1

09dc25fa2309c553c0420ad6539f6fd2778a80fe
SHA256

37c4d575931b89f43e388765dc5fc1554e9d8c8a03e1ea07a0a574973d5f900e
SHA512

51b90149ca4fbfec5d7c371a0f277ff3b61b68c3a4d4e6a8c4f0be3ff05dcb4f75304f73a81d0efb80bf692ac34e71b7204d803ecdf0389a43061fff1376fe67
SSDEEP

3072:6dUxGMwiXfvgk8EJ2tsJWj5uwVxQXC7xFiXBguj+S7PVeKsVJ+j/jZ7y:LfYHEf4jxxQXOzEBhf7VexJ+TNm

Score

10^/10

danabot banker botnet discovery execution trojan

Malware Config

Extracted

Family

danabot

C2

89.144.25.243

14.123.141.112

91.121.17.109

97.144.123.166

89.144.25.104

37.96.21.198

26.18.85.30

88.132.191.2

106.9.214.152

161.145.156.168

rsa_pubkey.plain

Targets

- Target
  
  123321.js
- Size
  
  1.1MB
- MD5
  
  fe9946e628607b7d1f5b975bdd863000
- SHA1
  
  91fec6fb060ecb82fad71200cd75d11c8a610e40
- SHA256
  
  95abee4d159f541d81c84f6eb33a9bba7b5d1d7293e89857390b15498e138e51
- SHA512
  
  8882ef3f7629dd0372e4d03f9098c323544f7e38758ccccb0e66e3f3bccf8b90e4672a76a606c5938603d9190899894916975b1ca3ba0eaa067ed57968f682cc
- SSDEEP
  
  1536:DrOuB1MsFjui78aIe5TP4IdXYNVjPazZS8qR0/5T/TGXNHY4KQ4au9Pvj1B2gNAA:ALa
Score

10^/10

danabot banker botnet discovery execution trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankerbotnetdiscoveryexecutiontrojan

behavioral2

danabotbankerbotnetdiscoveryexecutiontrojan