3350aae4c4ebb8a9d200f05d1fd7950b.exe

General

Target: 3350aae4c4ebb8a9d200f05d1fd7950b.exe
Size: 4MB
Sample: 210102-crxjkqvydj
Score: 10/10
MD5: 3350aae4c4ebb8a9d200f05d1fd7950b
SHA1: 19468c85dd6772e7d5566bd9f3c216c4e8bfcfae
SHA256: e3433215e57803029ce2a3e019d844b377aeb77ea11e0154289fbd4c24838d51
SHA512: 0646016c83f4da20138a4a9c710b368de53152000e8bce6cebfedea787bb9a1c94068078b88ba557976c12fa009c6cb72305dcafacdb85a6d59587cac2aeef86

Malware Config (extracted)

Family: danabot
Version: 1732
Botnet: 3
C2:
  • 108.62.118.103:443
  • 23.226.132.92:443
  • 23.106.123.249:443
  • 108.62.141.152:443

Attributes:
  • embedded_hash: 49574F66CD0103BBD725C08A9805C2BE
  • rsa_pubkey.plain
Signatures

  • Danabot
    Description: Danabot is a modular banking Trojan that has been linked with other malware.

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and similar sensitive items.
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Drops desktop.ini file(s)


MITRE ATT&CK Matrix (tactic columns): Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation