danabot

General

Target

f0345563ece05e441e96aa1cbfeb4edd_JaffaCakes118
Size

1.2MB
Sample

240921-t4x3zsserj
MD5

f0345563ece05e441e96aa1cbfeb4edd
SHA1

ab4aa38faaae74314ae8b54ab28b77d7d75c1522
SHA256

b6b8c3786d083acd1def5d1ca92b0c505981bde8ce2304d6d159c142376f66a0
SHA512

5ef94563596e49d74b8e6c908971296b8b871ac576274d98e7af80b8c0d440e9de218c258330dadb9a6a7c0cd889c9c01479d4dea1dd410911e4eeedc6cc684e
SSDEEP

24576:8mbCS2RwYk7DfBFjcG7hZiSR7kb0n+iIUWu+NCyMwnEq89t2Rca:8mbC5wpcG7h500VWu+NHVnr89J

Score

10^/10

Malware Config

Extracted

Family

danabot

C2

45.74.187.0

146.1.214.150

158.228.122.53

202.136.199.125

149.28.180.182

4.79.227.177

44.151.109.26

178.209.51.211

167.196.69.157

149.143.183.11

rsa_pubkey.plain

Targets

- Target
  
  f0345563ece05e441e96aa1cbfeb4edd_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  f0345563ece05e441e96aa1cbfeb4edd
- SHA1
  
  ab4aa38faaae74314ae8b54ab28b77d7d75c1522
- SHA256
  
  b6b8c3786d083acd1def5d1ca92b0c505981bde8ce2304d6d159c142376f66a0
- SHA512
  
  5ef94563596e49d74b8e6c908971296b8b871ac576274d98e7af80b8c0d440e9de218c258330dadb9a6a7c0cd889c9c01479d4dea1dd410911e4eeedc6cc684e
- SSDEEP
  
  24576:8mbCS2RwYk7DfBFjcG7hZiSR7kb0n+iIUWu+NCyMwnEq89t2Rca:8mbC5wpcG7h500VWu+NHVnr89J
Score

10^/10

danabot banker botnet discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Danabot x86 payload

Blocklisted process makes network request

Deletes itself

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2