General

  • Target: SecuriteInfo.com.Generic.mg.fd03fccdce84ae08.12016
  • Size: 2.6MB
  • Sample: 200624-n3qwq2tja6
  • MD5: fd03fccdce84ae08518761609f524f78
  • SHA1: 0a288baeca49b834de50cb1f5b02a967818b8248
  • SHA256: 57d5d3c20111dcdb68165ce1b0189bd2f4256584642266f9f1f4ed000096e976
  • SHA512: d91b646c6bab1add593ada5be488b58f37e21bb54969ec5c38227a92a3f37b5f2ce93de923cc9bb93a79758a435c4315c17ed2f67f5534eb82cd05a36b696950

Malware Config

Extracted

  • Family: danabot
  • C2:
      92.204.160.126
      193.34.166.26
      93.115.22.159
      93.115.22.165
      185.227.138.52
  • rsa_pubkey.plain

Targets

    • Danabot: Danabot is a modular banking Trojan that has been linked with other malware.
    • Danabot x86 payload: Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
    • Suspicious use of NtCreateProcessExOtherParentProcess
    • Blocklisted process makes network request
    • Loads dropped DLL
