General

  • Target

    a3cc8671b3e2367103fed24a2443907b.exe

  • Size

    1.1MB

  • Sample

    201109-wt98rj45me

  • MD5

    a3cc8671b3e2367103fed24a2443907b

  • SHA1

    8819033faeb0f3cbad1cb7b5da9c1dfc7451554b

  • SHA256

    af0b53ecd547b0a629164b818d8562a5b6c3a3c15d89a764fcdc87cf0f6d4489

  • SHA512

    a33d13a88c5b75074d8cb40184134abdf57a4433b30a2bd9cf4f2755dfb7ef5d61aada867c9dfc9085cfb882c1f247a0559befbe96b67f8d27cd996b016f0b4d

Malware Config

Extracted

Family

danabot

C2

2.56.213.39

185.238.168.83

185.238.168.174

93.115.20.189

93.115.20.183

5.61.58.130

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL
