danabot | 34fe34d877f18fb0c1954d05441239d294addd353313b360bb209c34f12a2fb5 | Triage

Sharing

General

Target

34fe34d877f18fb0c1954d05441239d294addd353313b360bb209c34f12a2fb5.exe
Size

1.3MB
Sample

241123-183btswkgk
MD5

8391a5c2fc03774dcfa3cdc6358c6dd1
SHA1

9e28de4d5c4620480444d6bcd0fca3095752a2bc
SHA256

34fe34d877f18fb0c1954d05441239d294addd353313b360bb209c34f12a2fb5
SHA512

60eff8280f74413424db4cfcb964a0651bd89a8b15b6950c8dee824e5c548756a3578f9b61854cbe53268b4978cc248bef5ae36c764789131e07d72799e037e0
SSDEEP

24576:SncFd3rbXjVs2RPPwVt6TnJNKd8MXuu4+xdhvTf0gWHRY:5ZsCNKdBXJNvTsgwRY

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

Targets

- Target
  
  34fe34d877f18fb0c1954d05441239d294addd353313b360bb209c34f12a2fb5.exe
- Size
  
  1.3MB
- MD5
  
  8391a5c2fc03774dcfa3cdc6358c6dd1
- SHA1
  
  9e28de4d5c4620480444d6bcd0fca3095752a2bc
- SHA256
  
  34fe34d877f18fb0c1954d05441239d294addd353313b360bb209c34f12a2fb5
- SHA512
  
  60eff8280f74413424db4cfcb964a0651bd89a8b15b6950c8dee824e5c548756a3578f9b61854cbe53268b4978cc248bef5ae36c764789131e07d72799e037e0
- SSDEEP
  
  24576:SncFd3rbXjVs2RPPwVt6TnJNKd8MXuu4+xdhvTf0gWHRY:5ZsCNKdBXJNvTsgwRY
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan