Resubmissions

22-01-2021 13:50    210122-8mzgcvqz7j    8
22-01-2021 13:30    210122-9kfvyp6lrx    8
22-01-2021 13:27    210122-t61ddv7plj    10

General

  • Target: 5984545316044800.zip.zip
  • Size: 5.1MB
  • Sample: 210122-t61ddv7plj
  • MD5: e63db582a4592a524904d108ac44f607
  • SHA1: 9e834dc9c070c97af2ceb1a9b5827a2c74e7c658
  • SHA256: 9899d0f860f8097ccd07091a40d88a6f79cb92c8b9c2917845cc1d329ba85a71
  • SHA512: 07315a42ff7176c78483f51978ee0c68734a4c0ba15c082ea6c73f6bc9ab28848468d9993082867ddde58f0da7a8be9d0989ddaf000bf5950b73299d35a3c656

Malware Config

Extracted

  • Family: danabot
  • Version: 1755
  • Botnet: 21
  • C2:
      47.254.174.158:1024
      159.89.114.62:443
      47.254.247.133:443
      138.197.139.56:443

Attributes

  • embedded_hash: 9C7D6A0C33FE7EDD9922FFD6D97552CA
  • rsa_pubkey.plain

Targets

    • Target: 06456edb20ab947356811ad8ce3a16ae3ea702342163b67907217a3d28b6d698
    • Size: 7.5MB
    • MD5: d88626469337e68200907f9c3573eb04
    • SHA1: 9ac4991a8518166ac9b11bfca02045ba1c7822fd
    • SHA256: 06456edb20ab947356811ad8ce3a16ae3ea702342163b67907217a3d28b6d698
    • SHA512: e6fbd55aeecf8d03bb621311918ddff34ed254ed580e4d2ce2d254f23c6dcfadb64f6701e61bd921042100f7f06ee112d7348d8c7ff0ba014a2a2ea8d8e28175

    • Danabot
      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix ATT&CK v6

Tactic              Technique                      #   ID
Credential Access   Credentials in Files           1   T1081
Discovery           Query Registry                 2   T1012
Discovery           System Information Discovery   2   T1082
Collection          Data from Local System         1   T1005

Tasks