danabot | 7007dec4ec2161c678290c824884e5efad2c665973d275c1c7fb41e08b4a990b | Triage

Submit
Reports

Overview

overview

Static

static

1

222_737_81012.vbs

windows7-x64

222_737_81012.vbs

windows10-2004-x64

Sharing

General

Target

9c2d580396fba6658e64244554c8fb20_JaffaCakes118
Size

313KB
Sample

240610-2kvshstgln
MD5

9c2d580396fba6658e64244554c8fb20
SHA1

6bbc2c889346a9aa0eeceeefbc46a94fed4ec753
SHA256

7007dec4ec2161c678290c824884e5efad2c665973d275c1c7fb41e08b4a990b
SHA512

927567ce9b3346ec6a4d6a4ffca778a98b7f04d1b0dee5f8d2662b5faa632aa482337e456e088c38ed7ca0d587f5ddbdff582e4b29ab0307fcd89c775f979283
SSDEEP

6144:VLhmVMbSmN9lgQWVCI0xufX7le/QJwaf9u3CUITMRvvBsrqYfh3C7lyX7:VdiMbflg6xuzo8PeHOrqY47lyX7

Score

10^/10

danabot banker botnet trojan

Static task

static1

Behavioral task

behavioral1

Sample

222_737_81012.vbs

Resource

win7-20240221-en

danabot banker botnet trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

222_737_81012.vbs

Resource

win10v2004-20240226-en

danabot banker botnet trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

1.5.78.29

71.61.197.13

128.43.39.106

68.164.114.181

243.7.235.34

185.92.222.238

192.71.249.51

42.180.72.123

159.159.89.172

135.231.151.187

rsa_pubkey.plain

Targets

- Target
  
  222_737_81012.vbs
- Size
  
  1.4MB
- MD5
  
  a2cc4f4bcdae552283245eef031e6a76
- SHA1
  
  2c352ebeb6d6d297c897ea4b6a4699aeae305b77
- SHA256
  
  94137a6f7898f6f99a2f296690c447c2c3f5faad004cc180f40269dacbced23e
- SHA512
  
  6312c0e2b163182b00417d48f291954b39be09fe04570e2c08fe8b00481b24c4815ef8852c8a92ef825e5444fe6511c3b9beeaa9601dfaa0cb238e09cb29ed26
- SSDEEP
  
  12288:Negy6Cy/jr3nx6aITPYnAqYmjMaS3QwIdqEXJZRGK5ReKRWFlxEXNUbKCDo/LqPx:Negy49L6btb
Score

10^/10

danabot banker botnet trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot x86 payload
  Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
  botnet
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

danabotbankerbotnettrojan

behavioral2

danabotbankerbotnettrojan

© 2018-2024

Terms | Privacy