danabot | a5b639d9995f82bee3c81c60825464be65761d52985f53e6a034c77035e41bbc | Triage

Sharing

General

Target

JaffaCakes118_3df2f308a927a50c9e1081d190b32d06
Size

1.3MB
Sample

241231-3bbtqavkds
MD5

3df2f308a927a50c9e1081d190b32d06
SHA1

e54e7259248023db6f6fb017777e61201f88c0e8
SHA256

a5b639d9995f82bee3c81c60825464be65761d52985f53e6a034c77035e41bbc
SHA512

add49f78a4daf2ba3c7942e0d92f649da0d4118f03892249238ddd2c081ecfac64bf42b2aa709c96f902a108c10889236ff0b256f0a1cd83aa2923bf61d891f5
SSDEEP

24576:ocF2ZF78jUn9nkjdbMZCG4Ze9ohHT4g3Ct:75w4GGAQHT7S

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  JaffaCakes118_3df2f308a927a50c9e1081d190b32d06
- Size
  
  1.3MB
- MD5
  
  3df2f308a927a50c9e1081d190b32d06
- SHA1
  
  e54e7259248023db6f6fb017777e61201f88c0e8
- SHA256
  
  a5b639d9995f82bee3c81c60825464be65761d52985f53e6a034c77035e41bbc
- SHA512
  
  add49f78a4daf2ba3c7942e0d92f649da0d4118f03892249238ddd2c081ecfac64bf42b2aa709c96f902a108c10889236ff0b256f0a1cd83aa2923bf61d891f5
- SSDEEP
  
  24576:ocF2ZF78jUn9nkjdbMZCG4Ze9ohHT4g3Ct:75w4GGAQHT7S
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan