danabot

Resubmissions

27-01-2025 01:26

250127-bttzgavkfm 7

27-01-2025 01:13

20-01-2025 05:23

20-01-2025 05:07

31-12-2024 05:12

31-12-2024 04:49

31-12-2024 04:46

31-12-2024 04:31

Sharing

Copy URL

Twitter E-mail

General

Target

https://youtube.com/@boffy/
Sample

241231-e5vlxsxpd1

Score

10^/10

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://blockchainjoblist.com/wp-admin/014080/

exe.dropper

https://womenempowermentpakistan.com/wp-admin/paba5q52/

exe.dropper

https://atnimanvilla.com/wp-content/073735/

exe.dropper

https://yeuquynhnhai.com/upload/41830/

exe.dropper

https://deepikarai.com/js/4bzs6/

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://erpoweredent.at/3/zte.dll

Extracted

Family

danabot

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Targets

- Target
  
  https://youtube.com/@boffy/
Score

10^/10

danabot banker botnet discovery macro phishing trojan xlm
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Suspicious Office macro
  Office document equipped with 4.0 macros.
  macro xlm
- A potential corporate email address has been identified in the URL: httpswww.youtube.com@boffycbrd1
  phishing
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Danabot family

Danabot x86 payload

Process spawned unexpected child process

Blocklisted process makes network request

Suspicious Office macro

A potential corporate email address has been identified in the URL: httpswww.youtube.com@boffycbrd1

Loads dropped DLL

Enumerates connected drives

MITRE ATT&CK Enterprise v15

Tasks

static1

urlscan1

behavioral1

behavioral2

behavioral3