danabot | bdd0c7cbefda7e06ae77b73b86f97ce92ec35be89de53681f6aa9c8b6f1467d0 | Triage

Submit
Reports

Overview

overview

Static

static

3

63a8f8a37c...18.exe

windows7-x64

63a8f8a37c...18.exe

windows10-2004-x64

Sharing

General

Target

63a8f8a37cbf7662d40eba33166f417a_JaffaCakes118
Size

1.2MB
Sample

241020-wyl5mssfqa
MD5

63a8f8a37cbf7662d40eba33166f417a
SHA1

2ff15134add684fe379a78faeff0f93d9ea11a8b
SHA256

bdd0c7cbefda7e06ae77b73b86f97ce92ec35be89de53681f6aa9c8b6f1467d0
SHA512

9f3d1425ecfc25e1286ef10e4fe6617fd69ba7cdab16ba3da177d1861f709769983937a64414733ff9b77c01c0e9b0fff9e7488a08082d76f5f1ed3120795d29
SSDEEP

24576:gNXO0FfQDIA47VEWV3+DVSltHIflVlRXpD:0Ff4IrXVCEltoflV/ZD

Score

10^/10

danabot 4 banker discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

63a8f8a37cbf7662d40eba33166f417a_JaffaCakes118.exe

Resource

win7-20240708-en

danabot 4 banker discovery trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

63a8f8a37cbf7662d40eba33166f417a_JaffaCakes118.exe

Resource

win10v2004-20241007-en

danabot 4 banker discovery trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Botnet

4

C2

193.34.167.138:443

142.11.206.50:443

142.11.244.124:443

Attributes

embedded_hash
6AD9FE4F9E491E785665E0D144F61DAB
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  63a8f8a37cbf7662d40eba33166f417a_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  63a8f8a37cbf7662d40eba33166f417a
- SHA1
  
  2ff15134add684fe379a78faeff0f93d9ea11a8b
- SHA256
  
  bdd0c7cbefda7e06ae77b73b86f97ce92ec35be89de53681f6aa9c8b6f1467d0
- SHA512
  
  9f3d1425ecfc25e1286ef10e4fe6617fd69ba7cdab16ba3da177d1861f709769983937a64414733ff9b77c01c0e9b0fff9e7488a08082d76f5f1ed3120795d29
- SSDEEP
  
  24576:gNXO0FfQDIA47VEWV3+DVSltHIflVlRXpD:0Ff4IrXVCEltoflV/ZD
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan

© 2018-2025

Terms | Privacy