5984545316044800.zip.zip

General

Target: 5984545316044800.zip.zip
Size: 5MB
Sample: 210122-t61ddv7plj
Score: 10/10
MD5: e63db582a4592a524904d108ac44f607
SHA1: 9e834dc9c070c97af2ceb1a9b5827a2c74e7c658
SHA256: 9899d0f860f8097ccd07091a40d88a6f79cb92c8b9c2917845cc1d329ba85a71
SHA512: 07315a42ff7176c78483f51978ee0c68734a4c0ba15c082ea6c73f6bc9ab28848468d9993082867ddde58f0da7a8be9d0989ddaf000bf5950b73299d35a3c656

Malware Config

Extracted

Family: danabot
Version: 1755
Botnet: 21
C2:
  47.254.174.158:1024
  159.89.114.62:443
  47.254.247.133:443
  138.197.139.56:443

Attributes
embedded_hash: 9C7D6A0C33FE7EDD9922FFD6D97552CA
rsa_pubkey.plain
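The four C2 endpoints in the extracted config are the most directly actionable part of this report. The following Python is an added example, not code from the sandbox or from any DanaBot analysis: it matches the IP:port pairs against connection-log lines in a hypothetical `<ts> <proto> <src>:<sport> -> <dst>:<dport>` format (the log lines below are constructed, not from this run), keeps exact pair hits apart from IP-only hits so that a bare port 443 is never treated as an indicator, and emits one Suricata rule per endpoint with placeholder SIDs in the local range.

```python
import ipaddress
from dataclasses import dataclass

# C2 endpoints exactly as listed in the extracted DanaBot config above.
DANABOT_C2 = {
    ("47.254.174.158", 1024),
    ("159.89.114.62", 443),
    ("47.254.247.133", 443),
    ("138.197.139.56", 443),
}


@dataclass(frozen=True)
class Conn:
    ts: str
    proto: str
    src: str
    dst: str
    dport: int


def parse_conn_line(line):
    """Parse one line of a hypothetical firewall/NetFlow export of the form
    '<ts> <proto> <src_ip>:<sport> -> <dst_ip>:<dport>'. Returns None for
    anything malformed, so one bad line never aborts a bulk scan."""
    parts = line.split()
    if len(parts) != 5 or parts[3] != "->":
        return None
    ts, proto, src, _, dst = parts
    try:
        src_ip, _sport = src.rsplit(":", 1)
        dst_ip, dport = dst.rsplit(":", 1)
        ipaddress.ip_address(src_ip)   # raises ValueError on junk
        ipaddress.ip_address(dst_ip)
        return Conn(ts, proto, src_ip, dst_ip, int(dport))
    except ValueError:
        return None


def match_c2(lines, c2=DANABOT_C2):
    """Split connections into exact IP:port hits and IP-only hits.
    The exact pair is the indicator the report gives; an IP-only hit on a
    different port is reported separately because C2 ports rotate, while
    port 443 on its own is far too common to mean anything."""
    c2_ips = {ip for ip, _ in c2}
    exact, ip_only = [], []
    for line in lines:
        conn = parse_conn_line(line)
        if conn is None:
            continue
        if (conn.dst, conn.dport) in c2:
            exact.append(conn)
        elif conn.dst in c2_ips:
            ip_only.append(conn)
    return exact, ip_only


def suricata_rules(c2=DANABOT_C2, first_sid=1000001):
    """Emit one Suricata rule per endpoint. SIDs are placeholders in the
    local-rule range and must be deconflicted with the deployed rule set."""
    rules = []
    for sid, (ip, port) in enumerate(sorted(c2), start=first_sid):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"DanaBot C2 botnet 21 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)'
        )
    return rules


# Constructed log lines for the demonstration (not from the sandbox run).
SAMPLE_LOG = [
    "2021-01-22T15:01:02Z tcp 10.0.0.15:51234 -> 47.254.174.158:1024",
    "2021-01-22T15:01:05Z tcp 10.0.0.15:51240 -> 93.184.216.34:443",
    "2021-01-22T15:02:17Z tcp 10.0.0.15:51251 -> 159.89.114.62:443",
    "2021-01-22T15:03:00Z tcp 10.0.0.15:51260 -> 138.197.139.56:8080",
    "this line is malformed and must be skipped",
]

if __name__ == "__main__":
    hits, ip_hits = match_c2(SAMPLE_LOG)
    for c in hits:
        print(f"C2 HIT  {c.ts} {c.src} -> {c.dst}:{c.dport}")
    for c in ip_hits:
        print(f"C2 IP   {c.ts} {c.src} -> {c.dst}:{c.dport} (port differs from config)")
    print("\n".join(suricata_rules()))
```

The IP-only bucket exists because the config's port for a given host can differ between builds (note 1024 on one host and 443 on the other three); an analyst should review those rather than have them silently dropped or silently promoted to a confirmed hit.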
Targets

Target: 06456edb20ab947356811ad8ce3a16ae3ea702342163b67907217a3d28b6d698
Filesize: 7MB
Score: 10/10
MD5: d88626469337e68200907f9c3573eb04
SHA1: 9ac4991a8518166ac9b11bfca02045ba1c7822fd
SHA256: 06456edb20ab947356811ad8ce3a16ae3ea702342163b67907217a3d28b6d698
SHA512: e6fbd55aeecf8d03bb621311918ddff34ed254ed580e4d2ce2d254f23c6dcfadb64f6701e61bd921042100f7f06ee112d7348d8c7ff0ba014a2a2ea8d8e28175

Signatures

  • Danabot
    Description: Danabot is a modular banking Trojan that has been linked with other malware.

  • Blocklisted process makes network request

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Drops desktop.ini file(s)
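The two behavioural signatures above (browser profile data reads and Uninstall-key enumeration) are the ones a defender can turn into host telemetry logic. The following Python is an added example, not the sandbox's own signature code: it runs over a hypothetical flattened event stream (`file_read` and `reg_query` records with `pid`, `image` and a `path` or `key`; the events below are constructed) and flags any non-browser process that opens a Chromium or Firefox credential store, plus any process that queries an unusual number of Uninstall subkeys. The threshold and the browser allowlist are assumptions to tune per environment.

```python
import re
from collections import defaultdict

# Credential/profile stores behind the "Reads user/profile data of web browsers"
# signature: the well-known Chromium (Chrome, Edge) and Firefox locations.
BROWSER_STORE_PATTERNS = [
    re.compile(r"\\Google\\Chrome\\User Data\\.*\\(Login Data|Cookies|Web Data)$", re.I),
    re.compile(r"\\Microsoft\\Edge\\User Data\\.*\\(Login Data|Cookies|Web Data)$", re.I),
    re.compile(r"\\Mozilla\\Firefox\\Profiles\\.*\\(logins\.json|key4\.db|cookies\.sqlite)$", re.I),
]

# Uninstall hive used by installers and by the "Checks installed software" signature.
UNINSTALL_KEY = re.compile(
    r"^HK(LM|CU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I
)

# Browsers legitimately open their own stores; anything else reading them is suspect.
# Assumed allowlist, extend per environment.
BROWSER_IMAGES = {"chrome.exe", "msedge.exe", "firefox.exe"}


def image_name(path):
    return path.rsplit("\\", 1)[-1].lower()


def analyse(events, uninstall_threshold=5):
    """Return (finding_type, pid, image, detail) tuples for the constructed
    event schema: {'type': 'file_read', 'path': ...} or
    {'type': 'reg_query', 'key': ...}, each with 'pid' and 'image'."""
    findings = []
    uninstall_hits = defaultdict(int)
    for ev in events:
        img = image_name(ev["image"])
        if ev["type"] == "file_read":
            if img not in BROWSER_IMAGES and any(p.search(ev["path"]) for p in BROWSER_STORE_PATTERNS):
                findings.append(("browser_store_read", ev["pid"], img, ev["path"]))
        elif ev["type"] == "reg_query":
            if UNINSTALL_KEY.search(ev["key"]):
                uninstall_hits[(ev["pid"], img)] += 1
    # A single Uninstall lookup is normal (installers, Explorer); a burst from one
    # process is the enumeration the signature describes.
    for (pid, img), n in uninstall_hits.items():
        if n >= uninstall_threshold:
            findings.append(("software_enumeration", pid, img, f"{n} Uninstall subkeys queried"))
    return findings


def _ev(kind, pid, image, **extra):
    return {"type": kind, "pid": pid, "image": image, **extra}


# Constructed telemetry for the demonstration (not from the sandbox run).
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\sample.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EXPLORER = r"C:\Windows\explorer.exe"
CHROME_LOGIN = r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"
FF_LOGINS = r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\x1y2z3.default\logins.json"
UNINST = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

SAMPLE_EVENTS = [
    _ev("file_read", 4120, SAMPLE, path=CHROME_LOGIN),          # suspect
    _ev("file_read", 2210, CHROME, path=CHROME_LOGIN),          # browser's own read
    _ev("file_read", 4120, SAMPLE, path=FF_LOGINS),             # suspect
    _ev("file_read", 4120, SAMPLE, path=r"C:\Users\victim\AppData\Local\Temp\stage2.tmp"),
    *[_ev("reg_query", 4120, SAMPLE, key=rf"{UNINST}\App{i:02d}") for i in range(1, 7)],
    _ev("reg_query", 1504, EXPLORER, key=rf"{UNINST}\App01"),   # single benign lookup
    _ev("reg_query", 4120, SAMPLE, key=r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EVENTS):
        print(*finding)
```

Matching on the process image alone is weak (a stealer can be injected into a browser), so in production the allowlist check should be paired with the signed-image or parent-process context the telemetry source provides.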

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation