danabot | 1290eff5b9ce2405746a7b5b11e486829d3d3b8004f1b22b1a241496e60c4225 | Triage

Submit
Reports

Overview

overview

Static

static

3

4d20e50740...18.exe

windows7-x64

4d20e50740...18.exe

windows10-2004-x64

Sharing

General

Target

4d20e507408edb688431c43d4afb655c_JaffaCakes118
Size

706KB
Sample

240516-1gmgashf67
MD5

4d20e507408edb688431c43d4afb655c
SHA1

ab9b18b4745f61413b01b462871c31de9d392520
SHA256

1290eff5b9ce2405746a7b5b11e486829d3d3b8004f1b22b1a241496e60c4225
SHA512

38aeb11f7a6ed54d580196b5b4ff299f065ef47c3f9d0fe05823d8cd9b93469ad95d038e1c8a2a53b10a13530eeee9d28e019dc35fbb310349f4436492ea9ad5
SSDEEP

12288:SVZZzLcl02FoNOm1byXC1v4NFeuLX0XjOsP++q3gDRvl4q13:eclc3AFR0X6sm+qeRvl4q

Score

10^/10

danabot banker botnet trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4d20e507408edb688431c43d4afb655c_JaffaCakes118.exe

Resource

win7-20240220-en

danabot banker botnet trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

4d20e507408edb688431c43d4afb655c_JaffaCakes118.exe

Resource

win10v2004-20240508-en

danabot banker botnet trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

236.128.21.180

89.144.25.104

148.165.195.24

149.28.180.182

6.200.141.194

96.202.32.98

199.92.207.6

213.82.134.216

118.134.228.191

48.8.103.94

rsa_pubkey.plain

Targets

- Target
  
  4d20e507408edb688431c43d4afb655c_JaffaCakes118
- Size
  
  706KB
- MD5
  
  4d20e507408edb688431c43d4afb655c
- SHA1
  
  ab9b18b4745f61413b01b462871c31de9d392520
- SHA256
  
  1290eff5b9ce2405746a7b5b11e486829d3d3b8004f1b22b1a241496e60c4225
- SHA512
  
  38aeb11f7a6ed54d580196b5b4ff299f065ef47c3f9d0fe05823d8cd9b93469ad95d038e1c8a2a53b10a13530eeee9d28e019dc35fbb310349f4436492ea9ad5
- SSDEEP
  
  12288:SVZZzLcl02FoNOm1byXC1v4NFeuLX0XjOsP++q3gDRvl4q13:eclc3AFR0X6sm+qeRvl4q
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy