Overview

overview

10

Static

static

SecuriteIn...00.exe

windows7_x64

10

SecuriteIn...00.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Generic.mg.d1ad5859f4298afb.21100

  • Size

    2.7MB

  • Sample

    200708-42q4evttcs

  • MD5

    d1ad5859f4298afb39f9747460c9f499

  • SHA1

    22b1e4142b34c3113772c31fe991c924c17ffaec

  • SHA256

    5137839a49af8a01ab62a213c963ad63c77dcfda6b107d46709aecebe3c4f415

  • SHA512

    be41fc0005263508df8020da14108bd46ab0938fa712e8222c43c5349f36d42296d97858eb610cb4af3cac24d056f16fc3a118d933f57dba979fc2735e2a45e2

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

92.204.160.126

195.133.147.230

185.136.167.253

46.19.136.203

45.138.172.157

185.227.138.52
rsa_pubkey.plain

Targets

    • Target

      SecuriteInfo.com.Generic.mg.d1ad5859f4298afb.21100

    • Size

      2.7MB

    • MD5

      d1ad5859f4298afb39f9747460c9f499

    • SHA1

      22b1e4142b34c3113772c31fe991c924c17ffaec

    • SHA256

      5137839a49af8a01ab62a213c963ad63c77dcfda6b107d46709aecebe3c4f415

    • SHA512

      be41fc0005263508df8020da14108bd46ab0938fa712e8222c43c5349f36d42296d97858eb610cb4af3cac24d056f16fc3a118d933f57dba979fc2735e2a45e2

    Score
    10/10
    danabotbankerbotnettrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks