danabot | 13d5e073162b4ec07be70c54fbf2ab55f6bf21867aa692c94977be50bbd67648 | Triage

Sharing

General

Target

13d5e073162b4ec07be70c54fbf2ab55f6bf21867aa692c94977be50bbd67648N.exe
Size

4.3MB
Sample

241130-qsx23ayrhr
MD5

6d26e4f13b17d1ee42e371c599206c80
SHA1

f38f9bb87829910ffcd983ab3b1aad00ced6dc62
SHA256

13d5e073162b4ec07be70c54fbf2ab55f6bf21867aa692c94977be50bbd67648
SHA512

1fa19d93e6f0f59490b72331b77500bdb2dd048245ddcca58286a01bec30cb98aebfa9e766362414beabc93c656eea2d7dcc07946db348141ebefd213415638e
SSDEEP

98304:7D5gnLHf9/uXEjQIYmwjc3ebCgkonupIlmWAVqMkM/:7DynLHf9/aEjQIYmwjc3ebCgkOudWA4q

Score

10^/10

danabot banker discovery trojan

Malware Config

Extracted

Family

danabot

C2

104.234.239.223:443

104.234.119.237:443

104.156.149.14:443

104.234.119.246:443

Attributes

type
loader

Targets

- Target
  
  13d5e073162b4ec07be70c54fbf2ab55f6bf21867aa692c94977be50bbd67648N.exe
- Size
  
  4.3MB
- MD5
  
  6d26e4f13b17d1ee42e371c599206c80
- SHA1
  
  f38f9bb87829910ffcd983ab3b1aad00ced6dc62
- SHA256
  
  13d5e073162b4ec07be70c54fbf2ab55f6bf21867aa692c94977be50bbd67648
- SHA512
  
  1fa19d93e6f0f59490b72331b77500bdb2dd048245ddcca58286a01bec30cb98aebfa9e766362414beabc93c656eea2d7dcc07946db348141ebefd213415638e
- SSDEEP
  
  98304:7D5gnLHf9/uXEjQIYmwjc3ebCgkonupIlmWAVqMkM/:7DynLHf9/aEjQIYmwjc3ebCgkOudWA4q
Score

10^/10

danabot banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankerdiscoverytrojan

behavioral2

danabotbankerdiscoverytrojan