General

  • Target

    e374cc56b4174ebb693a7e7a58fbd792.exe

  • Size

    2.7MB

  • Sample

    201109-dszqw1qpvs

  • MD5

    e374cc56b4174ebb693a7e7a58fbd792

  • SHA1

    654dbda2ff076f1907b9ae75b64ba606e9187d76

  • SHA256

    d4290ca9fd03f5b700344fc4e14c9559fd9768eaf27fa5a5a2beaac170034ae0

  • SHA512

    50ddc88210f2dea81be24650b16b99370bea7b305f71802ce4c2a3ca87ef4c404a951655ab58f67192018725cfcfb2424d0eb1ac46efc279b4a284b763b1fc58

Malware Config

Extracted

Family

danabot

C2

23.106.123.48

93.115.20.97

93.115.21.103

179.43.133.50

193.34.167.73

rsa_pubkey.plain

Targets

    • Target

      e374cc56b4174ebb693a7e7a58fbd792.exe

    • Size

      2.7MB

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL
