danabot | 46b165002c61b435c7e0e20c58aeed34d51a8166ddffe61be6931ac2d1dad3d6 | Triage

Sharing

General

Target

46b165002c61b435c7e0e20c58aeed34d51a8166ddffe61be6931ac2d1dad3d6N.exe
Size

4.3MB
Sample

241129-wwq1tatrfl
MD5

4a0ad493456a8c94ae03ecb2824c2ea0
SHA1

78d764f9744217ec38e18a7d2886506495778462
SHA256

46b165002c61b435c7e0e20c58aeed34d51a8166ddffe61be6931ac2d1dad3d6
SHA512

82244b19144ea5807e23cd40e3eac55eb1f869318cd4fdc9c034b33e83709552655dfdbc5690d1d012c2bd4dca9db87aa9d66f9522c74efa3ee826ccbaf94dde
SSDEEP

49152:iTyK/OPbLAZXqo49wC8yn0CN4i9ejIRCX/jgYpCTNalA07b2Mg7Wxzx4pAS5KLLe:UpO6y0O9UCUkemNUPb2MHNvnGiuqC

Score

10^/10

danabot banker discovery trojan

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

142.11.226.233:443

23.254.224.247:443

23.254.231.10:443

Attributes

type
loader

Targets

- Target
  
  46b165002c61b435c7e0e20c58aeed34d51a8166ddffe61be6931ac2d1dad3d6N.exe
- Size
  
  4.3MB
- MD5
  
  4a0ad493456a8c94ae03ecb2824c2ea0
- SHA1
  
  78d764f9744217ec38e18a7d2886506495778462
- SHA256
  
  46b165002c61b435c7e0e20c58aeed34d51a8166ddffe61be6931ac2d1dad3d6
- SHA512
  
  82244b19144ea5807e23cd40e3eac55eb1f869318cd4fdc9c034b33e83709552655dfdbc5690d1d012c2bd4dca9db87aa9d66f9522c74efa3ee826ccbaf94dde
- SSDEEP
  
  49152:iTyK/OPbLAZXqo49wC8yn0CN4i9ejIRCX/jgYpCTNalA07b2Mg7Wxzx4pAS5KLLe:UpO6y0O9UCUkemNUPb2MHNvnGiuqC
Score

10^/10

danabot banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankerdiscoverytrojan

behavioral2

danabotbankerdiscoverytrojan