danabot | d0565e20d3ae56e08b3b9efc10bae20304b40f76ad9d84aaa32cacf355633007 | Triage

Sharing

General

Target

2025-04-04_db29e00730dfebfa1f5030f48a64463a_amadey_rhadamanthys_smoke-loader
Size

6.0MB
Sample

250404-d3ra2syycy
MD5

db29e00730dfebfa1f5030f48a64463a
SHA1

bba79e1d85884f919f53af581c433d30c8dab531
SHA256

d0565e20d3ae56e08b3b9efc10bae20304b40f76ad9d84aaa32cacf355633007
SHA512

10179125fc07934f0574fbb2cc52bd3cf9aadfdd65f8f61551d8e4e68df1d5a6eb7c7f703598ac7121fff4f4ec1e2c838a529be397be8f41ba823ff0e5174330
SSDEEP

98304:xT65EZhmqRq+gkSTs+xYRW0ABl3IbfX975PwJuYJRyvmEPPsXUpS3W51iGSfC:xOyRqTs/RW0AAbrjY29PPsEpKWSGsC

Score

10^/10

danabot 3 banker discovery spyware stealer trojan

Malware Config

Extracted

Family

danabot

Version

1827

Botnet

3

C2

184.95.51.183:443

37.220.31.94:443

192.210.198.12:443

184.95.51.175:443

Attributes

embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
type
main

rsa_pubkey.plain

rsa_pubkey.plain

Extracted

Family

danabot

Attributes

type
loader

Targets

- Target
  
  2025-04-04_db29e00730dfebfa1f5030f48a64463a_amadey_rhadamanthys_smoke-loader
- Size
  
  6.0MB
- MD5
  
  db29e00730dfebfa1f5030f48a64463a
- SHA1
  
  bba79e1d85884f919f53af581c433d30c8dab531
- SHA256
  
  d0565e20d3ae56e08b3b9efc10bae20304b40f76ad9d84aaa32cacf355633007
- SHA512
  
  10179125fc07934f0574fbb2cc52bd3cf9aadfdd65f8f61551d8e4e68df1d5a6eb7c7f703598ac7121fff4f4ec1e2c838a529be397be8f41ba823ff0e5174330
- SSDEEP
  
  98304:xT65EZhmqRq+gkSTs+xYRW0ABl3IbfX975PwJuYJRyvmEPPsXUpS3W51iGSfC:xOyRqTs/RW0AAbrjY29PPsEpKWSGsC
Score

10^/10

danabot 3 banker discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot family
  danabot
- Blocklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot3bankerdiscoveryspywarestealertrojan