danabot | 91e0264d2e01c67d0c2c6a20b76ac8145a33af88ea0562cc277ca01b537dd02f | Triage

Sharing

General

Target

91e0264d2e01c67d0c2c6a20b76ac8145a33af88ea0562cc277ca01b537dd02f.exe
Size

4.3MB
Sample

241127-rkk8zawqht
MD5

c31f67bf101c806210a916d659cd9b0d
SHA1

d2f1760d4b4021eb49ddadd332ec3630f6babfed
SHA256

91e0264d2e01c67d0c2c6a20b76ac8145a33af88ea0562cc277ca01b537dd02f
SHA512

5e11e4845056b42a1de1d2a6406e53c84cabeafc86e813c46e2941f889c4739a0cced6b9cc66d72e2b89d161c650a245d3e294bbfeff5a8cd9b0a36376bed2f9
SSDEEP

98304:7D5gnLHf9/uXEjQIYmwjc3ebCgkonupIlmWAVqMQM/g:7DynLHf9/aEjQIYmwjc3ebCgkOudWA4X

Score

10^/10

danabot banker discovery trojan

Malware Config

Extracted

Family

danabot

C2

104.234.239.223:443

104.234.119.237:443

104.156.149.14:443

104.234.119.246:443

Attributes

type
loader

Targets

- Target
  
  91e0264d2e01c67d0c2c6a20b76ac8145a33af88ea0562cc277ca01b537dd02f.exe
- Size
  
  4.3MB
- MD5
  
  c31f67bf101c806210a916d659cd9b0d
- SHA1
  
  d2f1760d4b4021eb49ddadd332ec3630f6babfed
- SHA256
  
  91e0264d2e01c67d0c2c6a20b76ac8145a33af88ea0562cc277ca01b537dd02f
- SHA512
  
  5e11e4845056b42a1de1d2a6406e53c84cabeafc86e813c46e2941f889c4739a0cced6b9cc66d72e2b89d161c650a245d3e294bbfeff5a8cd9b0a36376bed2f9
- SSDEEP
  
  98304:7D5gnLHf9/uXEjQIYmwjc3ebCgkonupIlmWAVqMQM/g:7DynLHf9/aEjQIYmwjc3ebCgkOudWA4X
Score

10^/10

danabot banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankerdiscoverytrojan

behavioral2

danabotbankerdiscoverytrojan