Overview

overview

10

Static

static

siri_api_c..._0.exe

windows7_x64

10

siri_api_c..._0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    siri_api_connect_0

  • Size

    2.6MB

  • Sample

    201116-3c4gavt4yx

  • MD5

    45c235992028091065c4a3be6d409296

  • SHA1

    c142417f014c9b2d28e7b6492de4ca6b3102ba26

  • SHA256

    00d10f9ac567b10c0ffd80fdd6f493cac120ab3cd2aa3ce58d05bfd73b4d11fb

  • SHA512

    c15575b32dce3707770d663aa5e797ccd10a5571369597c400bc09ede4dd14a33013dfcd8f652516394b2faef264a7dc48eb848a04cbf96313cfea14e656088f

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

92.204.160.126

193.34.166.26

93.115.22.159

93.115.22.165

185.227.138.52
rsa_pubkey.plain

Targets

    • Target

      siri_api_connect_0

    • Size

      2.6MB

    • MD5

      45c235992028091065c4a3be6d409296

    • SHA1

      c142417f014c9b2d28e7b6492de4ca6b3102ba26

    • SHA256

      00d10f9ac567b10c0ffd80fdd6f493cac120ab3cd2aa3ce58d05bfd73b4d11fb

    • SHA512

      c15575b32dce3707770d663aa5e797ccd10a5571369597c400bc09ede4dd14a33013dfcd8f652516394b2faef264a7dc48eb848a04cbf96313cfea14e656088f

    Score
    10/10
    danabotbankerbotnettrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks