Overview

overview

10

Static

static

3

41m98slk.exe

windows7-x64

10

41m98slk.exe

windows10-ltsc 2021-x64

10

41m98slk.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41m98slk.exe

  • Size

    4.5MB

  • Sample

    250209-w2cqdayqe1

  • MD5

    f9e90bb2c2cc243057e40440e49f3ed1

  • SHA1

    69631cb253a757f61f5f894e6896740ee3808dc5

  • SHA256

    bede457084899e1c6a0e0779ed1b4534add18fd2041724f4635360fda522b6da

  • SHA512

    0ce38ca30c7ba8627d26dea32df685ef8be3c4be32dab4875fa9e1a48627cb2ad1038d9e08a92159ba69a7b6d6967fe36ab9d1645ed13a6d5f51193e1d828714

  • SSDEEP

    98304:G5a9IjDIhxKtPTFELvmpuwPsz63Ob0lecb6UdLxeOQ:G5aG/x7Fmssz63MEeo75

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

C2

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535
Attributes
  • type

    loader

Targets

    • Target

      41m98slk.exe

    • Size

      4.5MB

    • MD5

      f9e90bb2c2cc243057e40440e49f3ed1

    • SHA1

      69631cb253a757f61f5f894e6896740ee3808dc5

    • SHA256

      bede457084899e1c6a0e0779ed1b4534add18fd2041724f4635360fda522b6da

    • SHA512

      0ce38ca30c7ba8627d26dea32df685ef8be3c4be32dab4875fa9e1a48627cb2ad1038d9e08a92159ba69a7b6d6967fe36ab9d1645ed13a6d5f51193e1d828714

    • SSDEEP

      98304:G5a9IjDIhxKtPTFELvmpuwPsz63Ob0lecb6UdLxeOQ:G5aG/x7Fmssz63MEeo75

    Score
    10/10
    danabotbankerdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot family

      danabot

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    behavioral1behavioral2behavioral3

MITRE ATT&CK Enterprise v15

Tasks