General

  • Target

    F78E05D4.dll

  • Size

    2.2MB

  • Sample

    201109-mjkb6j4cz2

  • MD5

    88d6e37ff27f0417402d8f5ca25bbcb9

  • SHA1

    5ef6d17fa7171ec8018d13c968c570ff689645ff

  • SHA256

    938a3ebb1e0134070a4f75ea35eb5d083de6e419549b687725cac66220b0004c

  • SHA512

    37aa2c00ad2f791d29794d2b23430d72a3df4a90095d69b70fc13efadb413d21d4136adb7ffbf9d8d3286aaadcaf1355d1b04864b322378aa31944b35b68cea7

Malware Config

Extracted

Family

danabot

C2

rsa_pubkey.plain

Targets

    • Target

      F78E05D4.dll

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request
