General

  • Target

    2571146d6b6333713a56e5d5adf128ea.exe

  • Size

    2.6MB

  • Sample

    201109-235drv3v3s

  • MD5

    2571146d6b6333713a56e5d5adf128ea

  • SHA1

    d55355b911ecd28b632f56374ac8c885935846b7

  • SHA256

    9d96347ba7dd239d6a6b667242965905d6e96114281cd7a18812e901712a8303

  • SHA512

    50ee2625cb71b381065b488705c19e4b4b7c7d5d2ac62977d6cf69d73ecc9da3df12e6e61e7ad6a9bf510a6a6bb7da22346393f0362262d893a8b7b9778dae18

Malware Config

Extracted

Family

danabot

C2

142.11.240.144

45.153.243.113

88.150.227.95

rsa_pubkey.plain
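The indicators above are only useful once they are turned into a hunt. The following script is an added example, not part of the sandbox report: it takes the C2 addresses and the sample hashes listed on this page and runs them over a few constructed firewall, proxy and Sysmon-style log lines (the log lines are illustrative, not captured from a real host). It also computes the same four digests the report lists so a file on disk can be compared against the report. Note that C2 addresses get reassigned; match them as exact strings (a `88.150.227.9` is not `88.150.227.95`) and pair any hit with its timestamp before acting on it.

```python
"""Hunt for the Danabot indicators from this report in local telemetry.

Added example; the log lines below are constructed for illustration.
The indicator values are the ones the report lists.
"""
import hashlib
import re
from dataclasses import dataclass

# Indicators taken from the report.
DANABOT_C2 = {"142.11.240.144", "45.153.243.113", "88.150.227.95"}
DANABOT_HASHES = {
    "md5": "2571146d6b6333713a56e5d5adf128ea",
    "sha1": "d55355b911ecd28b632f56374ac8c885935846b7",
    "sha256": "9d96347ba7dd239d6a6b667242965905d6e96114281cd7a18812e901712a8303",
    "sha512": "50ee2625cb71b381065b488705c19e4b4b7c7d5d2ac62977d6cf69d73ecc9da3"
              "df12e6e61e7ad6a9bf510a6a6bb7da22346393f0362262d893a8b7b9778dae18",
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HEX_RE = re.compile(r"\b[0-9a-fA-F]{32,128}\b")
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


@dataclass(frozen=True, order=True)
class Hit:
    line_no: int
    kind: str    # "c2" or the digest algorithm that matched
    value: str


def hunt(lines):
    """Return every report indicator seen in the given log lines, one Hit per
    (line, indicator), sorted by line number."""
    hits = set()
    for n, line in enumerate(lines, 1):
        for ip in IPV4_RE.findall(line):
            if ip in DANABOT_C2:          # exact match only, no prefix matching
                hits.add(Hit(n, "c2", ip))
        for h in HEX_RE.findall(line):
            algo = HASH_LENGTHS.get(len(h))
            if algo and h.lower() == DANABOT_HASHES[algo]:
                hits.add(Hit(n, algo, h.lower()))
    return sorted(hits)


def digests(data: bytes) -> dict:
    """Compute the four digests the report lists for a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in DANABOT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if all four digests equal the report's values."""
    return digests(data) == DANABOT_HASHES


# Constructed log lines (not real telemetry). Line 3 carries the sample's
# MD5 in the file name and MD5/SHA256 in a Sysmon-style Hashes field;
# line 5 is a near miss on the third C2 address.
SAMPLE_LOGS = [
    "2020-11-09T23:52:10Z fw allow src=10.0.4.21 dst=142.11.240.144 dport=443 proto=tcp",
    "2020-11-09T23:52:11Z fw allow src=10.0.4.21 dst=8.8.8.8 dport=53 proto=udp",
    r'sysmon EventID=1 Image="C:\Users\user\AppData\Local\Temp\2571146d6b6333713a56e5d5adf128ea.exe" '
    r'Hashes="MD5=2571146D6B6333713A56E5D5ADF128EA,'
    r'SHA256=9D96347BA7DD239D6A6B667242965905D6E96114281CD7A18812E901712A8303"',
    "2020-11-09T23:53:00Z proxy CONNECT 45.153.243.113:443 user=WORKSTATION-07$",
    "2020-11-09T23:53:05Z fw allow src=10.0.4.22 dst=88.150.227.9 dport=443 proto=tcp",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOGS):
        print(f"line {hit.line_no}: {hit.kind} {hit.value}")
```

Run against real telemetry by replacing `SAMPLE_LOGS` with the lines of an exported firewall, proxy or Sysmon log; to check a suspicious file, pass its bytes to `matches_report`. The per-line set keeps a file name and a hash field on the same event from producing two identical hits.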

Targets

    • Target

      2571146d6b6333713a56e5d5adf128ea.exe

    • Size

      2.6MB

    • MD5

      2571146d6b6333713a56e5d5adf128ea

    • SHA1

      d55355b911ecd28b632f56374ac8c885935846b7

    • SHA256

      9d96347ba7dd239d6a6b667242965905d6e96114281cd7a18812e901712a8303

    • SHA512

      50ee2625cb71b381065b488705c19e4b4b7c7d5d2ac62977d6cf69d73ecc9da3df12e6e61e7ad6a9bf510a6a6bb7da22346393f0362262d893a8b7b9778dae18

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    • Loads dropped DLL
