danabot | 7ead1ce79a54138ccc18f6387498cfaacaf65df9b338dfe7a5af6e2b9bc5d62c | Triage

Sharing

General

Target

7ead1ce79a54138ccc18f6387498cfaacaf65df9b338dfe7a5af6e2b9bc5d62c
Size

1.3MB
Sample

241123-vycqjavmfm
MD5

a95612bc8f0a83065be725bef4f34fd5
SHA1

80a652a058cd041a7a7e4a7636142d806180d4d9
SHA256

7ead1ce79a54138ccc18f6387498cfaacaf65df9b338dfe7a5af6e2b9bc5d62c
SHA512

0e25b02041b169d0074a2e9ff93acbb8da8193dc20cf95e3728a53988abbff2da1cd0c68071e6e4d4bfde9e831b98620d54b44eb7cc510f83c2c1ac07d0f7d1c
SSDEEP

24576:qncFdcHdOgxk3F8TGFnnH0vySpIfAls7JlTUqqZm1:hcEHn9IIfbPTRKm

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  7ead1ce79a54138ccc18f6387498cfaacaf65df9b338dfe7a5af6e2b9bc5d62c
- Size
  
  1.3MB
- MD5
  
  a95612bc8f0a83065be725bef4f34fd5
- SHA1
  
  80a652a058cd041a7a7e4a7636142d806180d4d9
- SHA256
  
  7ead1ce79a54138ccc18f6387498cfaacaf65df9b338dfe7a5af6e2b9bc5d62c
- SHA512
  
  0e25b02041b169d0074a2e9ff93acbb8da8193dc20cf95e3728a53988abbff2da1cd0c68071e6e4d4bfde9e831b98620d54b44eb7cc510f83c2c1ac07d0f7d1c
- SSDEEP
  
  24576:qncFdcHdOgxk3F8TGFnnH0vySpIfAls7JlTUqqZm1:hcEHn9IIfbPTRKm
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan