Overview

overview

10

Static

static

SecuriteIn...46.exe

windows7_x64

10

SecuriteIn...46.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.BehavesLike.Win32.Generic.vc.31846

  • Size

    2.6MB

  • Sample

    200624-dsqggctlws

  • MD5

    3aca8b56716ae3d03be877b9dd4729a6

  • SHA1

    fc0a13a5f18cb1b81a5ea67533a366ffceeda02b

  • SHA256

    a31934ff6fce423c793ab9d1e4bd4067986033e552ba36a7ea360dec57b83dd2

  • SHA512

    dfc89beca5485f96fa469b6985c69f402d5ca802a51e3218b862925cea747815642bdfcd899911d9542e38ee76483ce068a884164627403d150b7a21b3132117

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

92.204.160.126

193.34.166.26

93.115.22.159

93.115.22.165

185.227.138.52
rsa_pubkey.plain

Targets

    • Target

      SecuriteInfo.com.BehavesLike.Win32.Generic.vc.31846

    • Size

      2.6MB

    • MD5

      3aca8b56716ae3d03be877b9dd4729a6

    • SHA1

      fc0a13a5f18cb1b81a5ea67533a366ffceeda02b

    • SHA256

      a31934ff6fce423c793ab9d1e4bd4067986033e552ba36a7ea360dec57b83dd2

    • SHA512

      dfc89beca5485f96fa469b6985c69f402d5ca802a51e3218b862925cea747815642bdfcd899911d9542e38ee76483ce068a884164627403d150b7a21b3132117

    Score
    10/10
    danabotbankerbotnettrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks