danabot | c5119795d525e2dad1428be6f5cd89a933dbc22d50da97ee37c4728dfcf4d153 | Triage

Sharing

General

Target

JaffaCakes118_c5119795d525e2dad1428be6f5cd89a933dbc22d50da97ee37c4728dfcf4d153
Size

2.4MB
Sample

241222-gpxsfswpdy
MD5

a99ba5e3ee29ef81901007d0be9a7f13
SHA1

aba8d1a54492d9d186ecbcb9db17305fd7e05190
SHA256

c5119795d525e2dad1428be6f5cd89a933dbc22d50da97ee37c4728dfcf4d153
SHA512

74cf44660c45bf6b524ee28582c30fcbd85c765d6c9de4b61438bb824f75a24f28faeb233e5a0461e925e091d05a68133b150597471208dc1a8fef91bd50ac54
SSDEEP

49152:P8FuJcSxvss7pLkUubih/3PeYkVVfRzZ8ikfO2f:EFuJFRsKRkU5VWjVfRKP

Score

10^/10

danabot banker discovery trojan

Malware Config

Extracted

Family

danabot

C2

153.92.223.225:443

198.15.112.179:443

185.62.56.245:443

66.85.147.23:443

Attributes

embedded_hash
61A1CB063216C13FFD2E15D7F3F515E2
type
loader

Targets

- Target
  
  JaffaCakes118_c5119795d525e2dad1428be6f5cd89a933dbc22d50da97ee37c4728dfcf4d153
- Size
  
  2.4MB
- MD5
  
  a99ba5e3ee29ef81901007d0be9a7f13
- SHA1
  
  aba8d1a54492d9d186ecbcb9db17305fd7e05190
- SHA256
  
  c5119795d525e2dad1428be6f5cd89a933dbc22d50da97ee37c4728dfcf4d153
- SHA512
  
  74cf44660c45bf6b524ee28582c30fcbd85c765d6c9de4b61438bb824f75a24f28faeb233e5a0461e925e091d05a68133b150597471208dc1a8fef91bd50ac54
- SSDEEP
  
  49152:P8FuJcSxvss7pLkUubih/3PeYkVVfRzZ8ikfO2f:EFuJFRsKRkU5VWjVfRKP
Score

10^/10

danabot banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankerdiscoverytrojan

behavioral2

danabotbankerdiscoverytrojan