danabot | 201a862ecc9cd137e6ebe47ae0c73f655b4c5860e3ecaecb3764c34cb5755363 | Triage

Sharing

General

Target

JaffaCakes118_19727003d08174165c3b95eb9801ff5f
Size

1.3MB
Sample

250106-kgnrcstqhq
MD5

19727003d08174165c3b95eb9801ff5f
SHA1

2d1212b1024a7d2c13584467fdda57a774e899ba
SHA256

201a862ecc9cd137e6ebe47ae0c73f655b4c5860e3ecaecb3764c34cb5755363
SHA512

a0cea4a7943ff56c7f33f9b75d9e63155be02ddbb56108e97cd5e8cba21cf993831194f96a62e9b97ffbf82c04d18ec9ea25085b341ae97b0faae38051e82990
SSDEEP

24576:58FG/L98qXKTVfl8B0Y1ewAfj3xCV2D3qyzITrQB79t:a7VSNAfj3xCoayzIT0j

Score

10^/10

danabot 4 banker discovery trojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  JaffaCakes118_19727003d08174165c3b95eb9801ff5f
- Size
  
  1.3MB
- MD5
  
  19727003d08174165c3b95eb9801ff5f
- SHA1
  
  2d1212b1024a7d2c13584467fdda57a774e899ba
- SHA256
  
  201a862ecc9cd137e6ebe47ae0c73f655b4c5860e3ecaecb3764c34cb5755363
- SHA512
  
  a0cea4a7943ff56c7f33f9b75d9e63155be02ddbb56108e97cd5e8cba21cf993831194f96a62e9b97ffbf82c04d18ec9ea25085b341ae97b0faae38051e82990
- SSDEEP
  
  24576:58FG/L98qXKTVfl8B0Y1ewAfj3xCV2D3qyzITrQB79t:a7VSNAfj3xCoayzIT0j
Score

10^/10

danabot 4 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot4bankerdiscoverytrojan

behavioral2

danabot4bankerdiscoverytrojan