danabot | de5f79a7701cc5d3c73a9ac0433f36b09bf995e1d1bacae6892d260b020d04c2 | Triage

Sharing

General

Target

de5f79a7701cc5d3c73a9ac0433f36b09bf995e1d1bacae6892d260b020d04c2.exe
Size

1.3MB
Sample

241123-29neqs1qht
MD5

961b792a52911cf4f857cdde5eda1d22
SHA1

43cee0abf1c4b692fe7dfd96f9d1ef83322810fb
SHA256

de5f79a7701cc5d3c73a9ac0433f36b09bf995e1d1bacae6892d260b020d04c2
SHA512

c4a4c117b6e948e878449110644e6bfd94fffb2509ffab1572f61660d0152260b67ac09a6cc275b5af7a4883d62923c42967de243f126aedb1335b82de9357d2
SSDEEP

24576:SncFd3rbXjVs2RPPwVt6TnJNKd8MXuu4+xdhfTf0gWHRY:5ZsCNKdBXJNfTsgwRY

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

Targets

- Target
  
  de5f79a7701cc5d3c73a9ac0433f36b09bf995e1d1bacae6892d260b020d04c2.exe
- Size
  
  1.3MB
- MD5
  
  961b792a52911cf4f857cdde5eda1d22
- SHA1
  
  43cee0abf1c4b692fe7dfd96f9d1ef83322810fb
- SHA256
  
  de5f79a7701cc5d3c73a9ac0433f36b09bf995e1d1bacae6892d260b020d04c2
- SHA512
  
  c4a4c117b6e948e878449110644e6bfd94fffb2509ffab1572f61660d0152260b67ac09a6cc275b5af7a4883d62923c42967de243f126aedb1335b82de9357d2
- SSDEEP
  
  24576:SncFd3rbXjVs2RPPwVt6TnJNKd8MXuu4+xdhfTf0gWHRY:5ZsCNKdBXJNfTsgwRY
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan