danabot | 59b7172f66799f61df8d8763007d51af7483ee2401ec097642808bd8c56fb436 | Triage

Submit
Reports

Overview

overview

Static

static

3

977d78da05...2b.exe

windows7-x64

977d78da05...2b.exe

windows10-2004-x64

Sharing

General

Target

977d78da0534365cafe5ca3bb0a4ff2b.exe
Size

1.0MB
Sample

250207-wv3m8a1qdw
MD5

977d78da0534365cafe5ca3bb0a4ff2b
SHA1

a57c055a5c27e69af9bfdd1051de430ced04ceb3
SHA256

59b7172f66799f61df8d8763007d51af7483ee2401ec097642808bd8c56fb436
SHA512

bf36d059d8a825ef1a2cd180fb2ed27129c4dfe7316963047c46ff9be5cb634154d9d793e2ba828a28c9e3d6d18ed53c8d44002f469aed9a7610ddae791e535d
SSDEEP

24576:DZZAT0zTUF2bMMgjyPySWDYmHLQDmRKdLkCl5n8DXlt9NL:DZZAqTUMonoVuQmRK2C/8DVZ

Score

10^/10

danabot 5 banker discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

977d78da0534365cafe5ca3bb0a4ff2b.exe

Resource

win7-20241010-en

danabot 5 banker discovery trojan

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

977d78da0534365cafe5ca3bb0a4ff2b.exe

Resource

win10v2004-20250207-en

danabot 5 banker discovery trojan

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Botnet

5

C2

192.210.222.81:443

5.9.224.204:443

192.255.166.212:443

Attributes

embedded_hash
100700D372965A717E89B8C909E1D8D4
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  977d78da0534365cafe5ca3bb0a4ff2b.exe
- Size
  
  1.0MB
- MD5
  
  977d78da0534365cafe5ca3bb0a4ff2b
- SHA1
  
  a57c055a5c27e69af9bfdd1051de430ced04ceb3
- SHA256
  
  59b7172f66799f61df8d8763007d51af7483ee2401ec097642808bd8c56fb436
- SHA512
  
  bf36d059d8a825ef1a2cd180fb2ed27129c4dfe7316963047c46ff9be5cb634154d9d793e2ba828a28c9e3d6d18ed53c8d44002f469aed9a7610ddae791e535d
- SSDEEP
  
  24576:DZZAT0zTUF2bMMgjyPySWDYmHLQDmRKdLkCl5n8DXlt9NL:DZZAqTUMonoVuQmRK2C/8DVZ
Score

10^/10

danabot 5 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Danabot family
  danabot
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot5bankerdiscoverytrojan

behavioral2

danabot5bankerdiscoverytrojan

© 2018-2025

Terms | Privacy