General

  • Target

    SecuriteInfo.com.Variant.Graftor.752710.22488.21345

  • Size

    3.3MB

  • Sample

    201109-bza8ep2wd6

  • MD5

    87d9f26e60c839281621348244e7a50e

  • SHA1

    03cdedd359cf66d388f96c6aa48c9ba75469db72

  • SHA256

    a5bd1ac8e6458e40e63cf558145dbd06cc2700d97f9ed3ae5a161b165ca6c035

  • SHA512

    82f9de782234b46938e80cd357f847f4a5bdd8a75f7d412fc10fde3e4d9ef336e6db7f7b05c22859cb4344d3c20de69456916f5c8c1d14906edfbb4a0da682b3

Score
10/10

Malware Config

Extracted

Family

danabot

C2

rsa_pubkey.plain

Targets

    • Target

      SecuriteInfo.com.Variant.Graftor.752710.22488.21345

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request
