General

  • Target

    3bad137a2d5d20084fcf3fabf213ec08.exe

  • Size

    1.0MB

  • Sample

    201109-9x2ryq4tna

  • MD5

    3bad137a2d5d20084fcf3fabf213ec08

  • SHA1

    079a6f24108c97a32923369b9e0e348c39bbf5dd

  • SHA256

    46c14ac886a864d3ff77606286c4ce983a060d57bcd07881ab299b1848918af5

  • SHA512

    475caf00146c93795752f0771cccee342edb17f5bdd9a778b885a7e34bf97b10b2569065093984cfb716033a3943b0f7681b9fcc80d5ffb973f19d70b6191b03

Malware Config

Extracted

Family

danabot

C2

2.56.213.39

185.238.168.83

185.238.168.174

93.115.20.189

93.115.20.183

5.61.58.130

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL
