danabot | a235f322e3a94f07dd5018c7d43b353592fe9550a4bc17622b200b0c2aafba31 | Triage

Sharing

General

Target

JaffaCakes118_0fe782b905bd162c8a6653a038694b0c
Size

1.3MB
Sample

241231-kywtasvqhk
MD5

0fe782b905bd162c8a6653a038694b0c
SHA1

6f61146bb6d6d8feb998f1a5550f0b6b46f97437
SHA256

a235f322e3a94f07dd5018c7d43b353592fe9550a4bc17622b200b0c2aafba31
SHA512

382c17fb60805490b70c314abd5b548741e91fb130b388dc309713a43573ca74a481565d7778820d72fb0e054c400b3248fc9efba32c466d18e38cf677ae3df0
SSDEEP

24576:1ncFd4/jGahKXNsix1g9zbu8e/3FiEDTCzgcAw:SEs+buX7DTNZ

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.192.232:443

192.119.110.73:443

142.11.242.31:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  JaffaCakes118_0fe782b905bd162c8a6653a038694b0c
- Size
  
  1.3MB
- MD5
  
  0fe782b905bd162c8a6653a038694b0c
- SHA1
  
  6f61146bb6d6d8feb998f1a5550f0b6b46f97437
- SHA256
  
  a235f322e3a94f07dd5018c7d43b353592fe9550a4bc17622b200b0c2aafba31
- SHA512
  
  382c17fb60805490b70c314abd5b548741e91fb130b388dc309713a43573ca74a481565d7778820d72fb0e054c400b3248fc9efba32c466d18e38cf677ae3df0
- SSDEEP
  
  24576:1ncFd4/jGahKXNsix1g9zbu8e/3FiEDTCzgcAw:SEs+buX7DTNZ
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan