danabot | f83e6e058a341fb2e13be76719297feb32d9fc4c9f196ec5f31c7532caf92b47 | Triage

Sharing

General

Target

JaffaCakes118_003f3f98462336e616970b9ad00c2aa8
Size

1.3MB
Sample

241231-cbr8laxrdq
MD5

003f3f98462336e616970b9ad00c2aa8
SHA1

1931cedf958ff3a38fad80344356b4a4bf235356
SHA256

f83e6e058a341fb2e13be76719297feb32d9fc4c9f196ec5f31c7532caf92b47
SHA512

328ce6b1f903205ec4d723b914bec8aac27340821ed52096ab484fd06d9ecf8aadcff9119683a0b88f0ab5a7eeb92fad45329e75561d320ef406462e55b3985d
SSDEEP

24576:ocF2ZF78jUn9nkjdbMZCG4Ze9oOHT4g3Ct:75w4GGAnHT7S

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  JaffaCakes118_003f3f98462336e616970b9ad00c2aa8
- Size
  
  1.3MB
- MD5
  
  003f3f98462336e616970b9ad00c2aa8
- SHA1
  
  1931cedf958ff3a38fad80344356b4a4bf235356
- SHA256
  
  f83e6e058a341fb2e13be76719297feb32d9fc4c9f196ec5f31c7532caf92b47
- SHA512
  
  328ce6b1f903205ec4d723b914bec8aac27340821ed52096ab484fd06d9ecf8aadcff9119683a0b88f0ab5a7eeb92fad45329e75561d320ef406462e55b3985d
- SSDEEP
  
  24576:ocF2ZF78jUn9nkjdbMZCG4Ze9oOHT4g3Ct:75w4GGAnHT7S
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan