danabot | 16f97dff35d06b1be12cdfd3a2da0a2542250f4ab1889f3be3a4108b1e784071 | Triage

Sharing

General

Target

16f97dff35d06b1be12cdfd3a2da0a2542250f4ab1889f3be3a4108b1e784071N.exe
Size

4.3MB
Sample

241125-hvsw5avlcs
MD5

0099b73da216db9e77b1fd1029d03e80
SHA1

d27f8294dacf3ea724af00bc28ab0e67da5101fb
SHA256

16f97dff35d06b1be12cdfd3a2da0a2542250f4ab1889f3be3a4108b1e784071
SHA512

9491a29d83e0b567d58f8485d249502783cd967c638e77e25396be7ad7999ea3c731bced7041163493b11f8b896ee8efae47dc640e1cfbbad0736727f83ee1fa
SSDEEP

98304:7D5gnLHf9/uXEjQIYmwjc3ebCgkonupIlmWAVqMQM/:7DynLHf9/aEjQIYmwjc3ebCgkOudWA4W

Score

10^/10

danabot banker discovery trojan

Malware Config

Extracted

Family

danabot

C2

104.234.239.223:443

104.234.119.237:443

104.156.149.14:443

104.234.119.246:443

Attributes

type
loader

Targets

- Target
  
  16f97dff35d06b1be12cdfd3a2da0a2542250f4ab1889f3be3a4108b1e784071N.exe
- Size
  
  4.3MB
- MD5
  
  0099b73da216db9e77b1fd1029d03e80
- SHA1
  
  d27f8294dacf3ea724af00bc28ab0e67da5101fb
- SHA256
  
  16f97dff35d06b1be12cdfd3a2da0a2542250f4ab1889f3be3a4108b1e784071
- SHA512
  
  9491a29d83e0b567d58f8485d249502783cd967c638e77e25396be7ad7999ea3c731bced7041163493b11f8b896ee8efae47dc640e1cfbbad0736727f83ee1fa
- SSDEEP
  
  98304:7D5gnLHf9/uXEjQIYmwjc3ebCgkonupIlmWAVqMQM/:7DynLHf9/aEjQIYmwjc3ebCgkOudWA4W
Score

10^/10

danabot banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankerdiscoverytrojan

behavioral2

danabotbankerdiscoverytrojan