Overview

overview

10

Static

static

0b2c514381...9c.exe

windows7_x64

10

0b2c514381...9c.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0b2c514381ba2c2db3d13ea18c243a9c.exe

  • Size

    2.6MB

  • Sample

    201109-e5rd18jkwj

  • MD5

    0b2c514381ba2c2db3d13ea18c243a9c

  • SHA1

    863a66ca7cc99ce7dd8afd1246d1b1bc7b8f0c61

  • SHA256

    3d5123637475c690e7758a6848a881fa7f16616f520fe06a53f99895355ed21b

  • SHA512

    50140704210b30be92ca1687556ab225e317fcf676775d53816d3812d0d8a0268ca722d44c64d754d2c80196b84a87d5b7a87e971d3bade00394b223e2244bcf

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204
rsa_pubkey.plain

Targets

    • Target

      0b2c514381ba2c2db3d13ea18c243a9c.exe

    • Size

      2.6MB

    • MD5

      0b2c514381ba2c2db3d13ea18c243a9c

    • SHA1

      863a66ca7cc99ce7dd8afd1246d1b1bc7b8f0c61

    • SHA256

      3d5123637475c690e7758a6848a881fa7f16616f520fe06a53f99895355ed21b

    • SHA512

      50140704210b30be92ca1687556ab225e317fcf676775d53816d3812d0d8a0268ca722d44c64d754d2c80196b84a87d5b7a87e971d3bade00394b223e2244bcf

    Score
    10/10
    danabotbankerbotnettrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks