danabot | hxxps://github[.]com/Da2dalus/The-MALWARE-Repo | Triage

Submit
Reports

Overview

overview

Static

static

1

URLScan

urlscan

https://github.com/D...

windows10-2004-x64

Resubmissions

06-09-2024 09:35

240906-lkpy9szamb 10

06-09-2024 09:27

240906-leqzdayfqa 10

Sharing

General

Target

https://github.com/Da2dalus/The-MALWARE-Repo
Sample

240906-lkpy9szamb

Score

10^/10

danabot mydoom banker botnet discovery evasion macro trojan upx worm

Static task

static1

URLScan task

urlscan1

Behavioral task

behavioral1

Sample

https://github.com/Da2dalus/The-MALWARE-Repo

Resource

win10v2004-20240802-es

danabot mydoom banker botnet discovery evasion macro trojan upx worm

windows10-2004-x64

31 signatures

600 seconds

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://blockchainjoblist.com/wp-admin/014080/

exe.dropper

https://womenempowermentpakistan.com/wp-admin/paba5q52/

exe.dropper

https://atnimanvilla.com/wp-content/073735/

exe.dropper

https://yeuquynhnhai.com/upload/41830/

exe.dropper

https://deepikarai.com/js/4bzs6/

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Targets

- Target
  
  https://github.com/Da2dalus/The-MALWARE-Repo
Score

10^/10

danabot mydoom banker botnet discovery evasion macro trojan upx worm
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Detects MyDoom family
- Modifies visibility of file extensions in Explorer
  evasion
- Modifies visiblity of hidden/system files in Explorer
  evasion
- MyDoom
  MyDoom is a Worm that is written in C++.
  worm mydoom
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Suspicious Office macro
  Office document equipped with macros.
  macro
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

urlscan1

behavioral1

danabotmydoombankerbotnetdiscoveryevasionmacrotrojanupxworm

© 2018-2024

Terms | Privacy