danabot | lEDVIkQSVYhQAzRgNIlEfQ[.]dll | Triage

Sharing

General

Target

lEDVIkQSVYhQAzRgNIlEfQ.dll
Size

355KB
MD5

edb09790e89ee476cfb7e66a1f7cad7b
SHA1

f25e69a0447936ec278808bdfb942a4e7125c46c
SHA256

0578160ca0061e8b9b0e61ecb6b057babdeff7580d5a58e0724e7bb4e7e51d93
SHA512

ebd154521917fb876736dcb62ce35517dcf5ccf513a8903544f681ac2d1adacff894dfe3615a1f005e65b8cb738ac47ab83ac85eaa16bfd897a1868e3d16aecb

Score

10^/10

botnet danabot

Malware Config

Extracted

Family

danabot

C2

209.182.218.222

185.227.109.40

185.136.165.128

161.129.65.197

217.182.56.71

254.55.37.53

228.175.167.154

56.38.135.17

168.127.65.186

185.181.8.49

rsa_pubkey.plain

Signatures

Danabot family
danabot
Danabot x86 payload 1 IoCs
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
botnet

Processes:

resource yara_rule

sample family_danabot

Files

lEDVIkQSVYhQAzRgNIlEfQ.dll
.dll windows x86

Exports

Exports

ServiceMain
__dbk_fcall_wrapper
dbkFCallWrapperAddr
f0
f1
f2
f3
f4
f5
f6
f7
f8
f9