danabot | 642b08effe8f416d65a97a2934d7af4ccff8cff5e3af817ff4b21066c34e3195 | Triage

Sharing

General

Target

2025-04-02_569e486603b718b78185677c406a8aca_amadey_rhadamanthys_smoke-loader
Size

6.0MB
Sample

250402-ybtmbastgs
MD5

569e486603b718b78185677c406a8aca
SHA1

2846fb58ad9d14e810bb78dc4dfa17a4b96140e9
SHA256

642b08effe8f416d65a97a2934d7af4ccff8cff5e3af817ff4b21066c34e3195
SHA512

033217b24aa6559f196db91694041b9628eff8921caf0f9794bb95631d89b7713949ce23bb965861ca852a77e64ac33030513be99cb3ef16337b9693d47f031e
SSDEEP

98304:xT65EZhmqRq+gkSTs+xYRW0ABl3IbfX975PwJuYJRyvmEPPsXUpS3W51iGSfs:xOyRqTs/RW0AAbrjY29PPsEpKWSGss

Score

10^/10

danabot 3 banker discovery spyware stealer trojan

Malware Config

Extracted

Family

danabot

Version

1827

Botnet

3

C2

184.95.51.183:443

37.220.31.94:443

192.210.198.12:443

184.95.51.175:443

Attributes

embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
type
main

rsa_pubkey.plain

rsa_pubkey.plain

Extracted

Family

danabot

Attributes

type
loader

Targets

- Target
  
  2025-04-02_569e486603b718b78185677c406a8aca_amadey_rhadamanthys_smoke-loader
- Size
  
  6.0MB
- MD5
  
  569e486603b718b78185677c406a8aca
- SHA1
  
  2846fb58ad9d14e810bb78dc4dfa17a4b96140e9
- SHA256
  
  642b08effe8f416d65a97a2934d7af4ccff8cff5e3af817ff4b21066c34e3195
- SHA512
  
  033217b24aa6559f196db91694041b9628eff8921caf0f9794bb95631d89b7713949ce23bb965861ca852a77e64ac33030513be99cb3ef16337b9693d47f031e
- SSDEEP
  
  98304:xT65EZhmqRq+gkSTs+xYRW0ABl3IbfX975PwJuYJRyvmEPPsXUpS3W51iGSfs:xOyRqTs/RW0AAbrjY29PPsEpKWSGss
Score

10^/10

danabot 3 banker discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot3bankerdiscoveryspywarestealertrojan