General

  • Target

    2684e7971b92bd1b19265cf328b64ca8.exe

  • Size

    2.5MB

  • Sample

    201109-43m6sj6vdj

  • MD5

    2684e7971b92bd1b19265cf328b64ca8

  • SHA1

    141dde31d7e8f014b187bfbaa9d0d9abf5c9c2e8

  • SHA256

    95a90fbde8c6cc25ac3ebbc1bc9602a8a656a6c6d29e47378cca197c7018df02

  • SHA512

    37eae00d3006de093b1e236a5e506af322a94db677f59de29b5bd4d22c623b2bc4ddd34e8b042d62c9cdd082c0352aea94e06e346bbf75eb771a54b419ef0e37

Malware Config

Extracted

  • Family

    danabot

  • C2

    142.11.240.144
    45.153.243.113
    88.150.227.95

  • rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    • Loads dropped DLL
