danabot | 55afea44e72acc36665531748a70a7b18cac5c9dfe49e1dda387cad2117b0486 | Triage

Sharing

General

Target

30130621d1a675461436f5dca3e5625f_JaffaCakes118
Size

1.1MB
Sample

241010-qmk6basgqj
MD5

30130621d1a675461436f5dca3e5625f
SHA1

95176e0ca9165e981b972bf90a16e6dfa8a5c079
SHA256

55afea44e72acc36665531748a70a7b18cac5c9dfe49e1dda387cad2117b0486
SHA512

247af244724f32c4ddbe7c6a4e61fe0a7b5f30cee1777cae1f6e1ebbb0089b56dcf89366af7401b883857fbdcb4f135b02cdb7aeae6458a2e49c7aee609673c5
SSDEEP

24576:nxNyvJt4aKJXfqAIi7gPKjkhpLzBJA5O+qNBY:XcJt4aevqAINPKjA3CO5vY

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes

embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  30130621d1a675461436f5dca3e5625f_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  30130621d1a675461436f5dca3e5625f
- SHA1
  
  95176e0ca9165e981b972bf90a16e6dfa8a5c079
- SHA256
  
  55afea44e72acc36665531748a70a7b18cac5c9dfe49e1dda387cad2117b0486
- SHA512
  
  247af244724f32c4ddbe7c6a4e61fe0a7b5f30cee1777cae1f6e1ebbb0089b56dcf89366af7401b883857fbdcb4f135b02cdb7aeae6458a2e49c7aee609673c5
- SSDEEP
  
  24576:nxNyvJt4aKJXfqAIi7gPKjkhpLzBJA5O+qNBY:XcJt4aevqAINPKjA3CO5vY
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan