danabot | 2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6 | Triage

Submit
Reports

Overview

overview

Static

static

3

2679fd014c...6N.dll

windows7-x64

2679fd014c...6N.dll

windows10-2004-x64

Sharing

General

Target

2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6N
Size

2.5MB
Sample

241101-mwe4wazgnp
MD5

3e4b803e57c0154b8af15e392da96750
SHA1

56a136e548a838354331ad4098e5baf4ca2395b4
SHA256

2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6
SHA512

1975dac8ed7943bfc9847f490b15ba8739d02bb7b0369a82b68314db585e53d256532516212b44dc5bfd2de9a8ac2ef827add7fd74b4b711354ce86e472a0130
SSDEEP

49152:KgZziYT4//YDt2Z/fZMdzUAOC5n+LlrxFTGWQKq:K0ziYTJh2Z/f6AAOGarxFTGPv

Score

10^/10

danabot 40 banker discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6N.dll

Resource

win7-20240903-en

danabot 40 banker discovery trojan

windows7-x64

6 signatures

120 seconds

Behavioral task

behavioral2

Sample

2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6N.dll

Resource

win10v2004-20241007-en

danabot 40 banker discovery trojan

windows10-2004-x64

6 signatures

120 seconds

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.158.250.216:443

194.76.225.46:443

45.11.180.153:443

194.76.225.61:443

Attributes

embedded_hash
AD14EA44261341E3690FA8CC1E236523
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6N
- Size
  
  2.5MB
- MD5
  
  3e4b803e57c0154b8af15e392da96750
- SHA1
  
  56a136e548a838354331ad4098e5baf4ca2395b4
- SHA256
  
  2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6
- SHA512
  
  1975dac8ed7943bfc9847f490b15ba8739d02bb7b0369a82b68314db585e53d256532516212b44dc5bfd2de9a8ac2ef827add7fd74b4b711354ce86e472a0130
- SSDEEP
  
  49152:KgZziYT4//YDt2Z/fZMdzUAOC5n+LlrxFTGWQKq:K0ziYTJh2Z/f6AAOGarxFTGPv
Score

10^/10

danabot 40 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot40bankerdiscoverytrojan

behavioral2

danabot40bankerdiscoverytrojan

© 2018-2024

Terms | Privacy