Overview

overview

10

Static

static

SecuriteIn...32.exe

windows7_x64

10

SecuriteIn...32.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.BehavesLike.Win32.Generic.tc.20832

  • Size

    1.0MB

  • Sample

    201109-d4nr3h9dhs

  • MD5

    a83f8f6e2f733845af01838054187d30

  • SHA1

    857f6df8a63ea4df0022463e8ad8d0e73dfbe409

  • SHA256

    f377512454adebec7f32f1a33bda63e3476595be7857fb73c0e242407f29f616

  • SHA512

    7fde752e208fac0c4dee2e7e436add312cbb52d7271aba3d3b1f90f29c50d89225143634d3f54eaa5406c4cfbaf3dfa0b91d22e329d3ca99fe64a01726bdb2ed

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

2.56.213.39

185.238.168.83

185.238.168.174

93.115.20.189

93.115.20.183

5.61.58.130
rsa_pubkey.plain

Targets

    • Target

      SecuriteInfo.com.BehavesLike.Win32.Generic.tc.20832

    • Size

      1.0MB

    • MD5

      a83f8f6e2f733845af01838054187d30

    • SHA1

      857f6df8a63ea4df0022463e8ad8d0e73dfbe409

    • SHA256

      f377512454adebec7f32f1a33bda63e3476595be7857fb73c0e242407f29f616

    • SHA512

      7fde752e208fac0c4dee2e7e436add312cbb52d7271aba3d3b1f90f29c50d89225143634d3f54eaa5406c4cfbaf3dfa0b91d22e329d3ca99fe64a01726bdb2ed

    Score
    10/10
    danabotbankerbotnettrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks