General

  • Target

    80dddef3baccbd90d5dfd016cbe454ea.exe

  • Size

    940KB

  • Sample

    201109-c238htrn26

  • MD5

    80dddef3baccbd90d5dfd016cbe454ea

  • SHA1

    f6531c5a548e847c7876fa72d2689348e1bb6acb

  • SHA256

    465e874f504c413d6971a48c1ba559d83cc622bd1884b18d1cae1cca608f42ab

  • SHA512

    e32dcca39686a8c585158080aaaba56dbeb9464f03a4246eb28a136d91a232a09436fb7cd2e997e3662d6405b172b82fdf9dd507b5a1da1e73cdd103f4aa35ca

Malware Config

Extracted

Family

danabot

C2

rsa_pubkey.plain

Targets

    • Target

      80dddef3baccbd90d5dfd016cbe454ea.exe

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL
