danabot | b54bf8265b7cfacd6537a9125e0e04d86b857baf7452c61caee3acdb03b44879 | Triage

Sharing

General

Target

rcc_themes_[15MB]_[1].bin
Size

18.9MB
Sample

250403-2legxswsd1
MD5

84a4764dd20bfcf989b24c62ca88383e
SHA1

207b3f5cd265a5c86be6c7841b7d5c249cbc7493
SHA256

b54bf8265b7cfacd6537a9125e0e04d86b857baf7452c61caee3acdb03b44879
SHA512

b9e301f38232b1913d710969a933d7bc76e7ad647a57c4e41ef221ecc6f86642226a9953efe794f301e26ae9ff771795aade6b4fe8cab4bf74155fe80a079069
SSDEEP

196608:Gc1rS1ekkJu0daNo6TkXvR4Z7hmU6kXLX/mbr9X5vyoEo4A19B1:Lr2EPVXvR4Z6eut5KoEon1

Score

10^/10

danabot banker discovery trojan

Malware Config

Extracted

Family

danabot

C2

114.0.101.0:105

97.0.108.0:0

109.0.97.0:1200

100.0.114.0:65535

Attributes

type
loader

Targets

- Target
  
  rcc_themes_[15MB]_[1].bin
- Size
  
  18.9MB
- MD5
  
  84a4764dd20bfcf989b24c62ca88383e
- SHA1
  
  207b3f5cd265a5c86be6c7841b7d5c249cbc7493
- SHA256
  
  b54bf8265b7cfacd6537a9125e0e04d86b857baf7452c61caee3acdb03b44879
- SHA512
  
  b9e301f38232b1913d710969a933d7bc76e7ad647a57c4e41ef221ecc6f86642226a9953efe794f301e26ae9ff771795aade6b4fe8cab4bf74155fe80a079069
- SSDEEP
  
  196608:Gc1rS1ekkJu0daNo6TkXvR4Z7hmU6kXLX/mbr9X5vyoEo4A19B1:Lr2EPVXvR4Z6eut5KoEon1
Score

10^/10

danabot banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotbankerdiscoverytrojan

behavioral2

danabotbankerdiscoverytrojan