danabot | 558204c7ec59cd2ede9e9e7f6fede6c69aa14acb292d467c68fce1f4e77bb437 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1

Kami Expor...cs.pdf

windows7-x64

3

Kami Expor...cs.pdf

windows10-2004-x64

Sharing

General

Target

Kami Export - Marcus Plummer - Economics Scavenger Hunt - Google Docs.pdf
Size

337KB
Sample

250326-vf3t1ayyft
MD5

bdc07cb358d5c010b2013c0cf849644b
SHA1

7aa9dcc5ef159cc5b26a2108c5738bf30b1947da
SHA256

558204c7ec59cd2ede9e9e7f6fede6c69aa14acb292d467c68fce1f4e77bb437
SHA512

fd85b8afb5d4748c7b51665f7cf1ea4787ec230473a6f203231eba76748205f79057fe419859cf33061c38ae0144740e6f2765d03b0a465d3d66167ce6d634a5
SSDEEP

6144:dwWA6rXulXa0S44x4LRivZ6iORrkCDm0yXXdbpsMa/0:dY6rXu5lS44QiB6iO9kCDTkvsMv

Score

10^/10

danabot mydoom banker botnet discovery persistence trojan upx worm

Static task

static1

Behavioral task

behavioral1

Sample

Kami Export - Marcus Plummer - Economics Scavenger Hunt - Google Docs.pdf

Resource

win7-20240903-en

windows7-x64

10 signatures

900 seconds

Behavioral task

behavioral2

Sample

Kami Export - Marcus Plummer - Economics Scavenger Hunt - Google Docs.pdf

Resource

win10v2004-20250313-en

danabot mydoom banker botnet discovery persistence trojan upx worm

windows10-2004-x64

32 signatures

900 seconds

Malware Config

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Targets

- Target
  
  Kami Export - Marcus Plummer - Economics Scavenger Hunt - Google Docs.pdf
- Size
  
  337KB
- MD5
  
  bdc07cb358d5c010b2013c0cf849644b
- SHA1
  
  7aa9dcc5ef159cc5b26a2108c5738bf30b1947da
- SHA256
  
  558204c7ec59cd2ede9e9e7f6fede6c69aa14acb292d467c68fce1f4e77bb437
- SHA512
  
  fd85b8afb5d4748c7b51665f7cf1ea4787ec230473a6f203231eba76748205f79057fe419859cf33061c38ae0144740e6f2765d03b0a465d3d66167ce6d634a5
- SSDEEP
  
  6144:dwWA6rXulXa0S44x4LRivZ6iORrkCDm0yXXdbpsMa/0:dY6rXu5lS44QiB6iO9kCDTkvsMv
Score

10^/10

discovery danabot mydoom banker botnet persistence trojan upx worm
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Detects MyDoom family
- MyDoom
  MyDoom is a Worm that is written in C++.
  worm mydoom
- Mydoom family
  mydoom
- Blocklisted process makes network request
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

danabotmydoombankerbotnetdiscoverypersistencetrojanupxworm

© 2018-2025

Terms | Privacy