danabot | b49b80f454063b976c97471ed7668ef31b95c97611b97c0eff87b0061048be7e | Triage

Sharing

General

Target

38b8ce3a565db4d804c7afef99f7b6d3_JaffaCakes118
Size

1.1MB
Sample

241012-gnycla1frk
MD5

38b8ce3a565db4d804c7afef99f7b6d3
SHA1

22d869edf7f9760668eb3c89494dc3895a416ec6
SHA256

b49b80f454063b976c97471ed7668ef31b95c97611b97c0eff87b0061048be7e
SHA512

72960e8b2793080d3fcfdbde30692d7264def82ccf6182850a62adaf8f6651781f59984228961e7968b2b6a0cad163175d60097ec8199666f9aa6070af1777af
SSDEEP

24576:TQ06qWLu4Cdk+4cHwZFcWUAVy6ZtUcnIh/Y:TLGCr4cHwY/yNIh/Y

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes

embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  38b8ce3a565db4d804c7afef99f7b6d3_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  38b8ce3a565db4d804c7afef99f7b6d3
- SHA1
  
  22d869edf7f9760668eb3c89494dc3895a416ec6
- SHA256
  
  b49b80f454063b976c97471ed7668ef31b95c97611b97c0eff87b0061048be7e
- SHA512
  
  72960e8b2793080d3fcfdbde30692d7264def82ccf6182850a62adaf8f6651781f59984228961e7968b2b6a0cad163175d60097ec8199666f9aa6070af1777af
- SSDEEP
  
  24576:TQ06qWLu4Cdk+4cHwZFcWUAVy6ZtUcnIh/Y:TLGCr4cHwY/yNIh/Y
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan