General

  • Target

    8b428d0fe43dbad6b0d7919f3de14d24.exe

  • Size

    2.7MB

  • Sample

    201109-9tzc7fdlpx

  • MD5

    8b428d0fe43dbad6b0d7919f3de14d24

  • SHA1

    75d16d37294f8b59c5eb36f848c85f7b68d8214b

  • SHA256

    923de13a8933bc5d1ede57f58c6bacd9133dd875ecc423b2f1175b95a5677378

  • SHA512

    e2792143c0970101feb7025ba79f41d5c8c280d66d8196023a0d29b01943b8b361eed5310190fffb95b7afb33762a670ff1dc4142601485a836a40b3f472a62e

Malware Config

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL
