c0eb802f394e758da4feb0d6c3b817bf1f64880ab9bc851937d5ef774161585d.bin

General

Target: c0eb802f394e758da4feb0d6c3b817bf1f64880ab9bc851937d5ef774161585d.bin
Size: 4MB
Sample: 210125-x8xjd47fja
Score: 10/10
MD5: c55a1a3a135dcc3a771ea4648862a202
SHA1: 7c156e5701b0cf7eaf3a38cc1f5f68992bfe62f8
SHA256: c0eb802f394e758da4feb0d6c3b817bf1f64880ab9bc851937d5ef774161585d
SHA512: c1254cad4d620b96a2a620ef54a3c6391a3ddfece27819348cac5166489f788b827828f227c2dd5f893152d5c591eb1f63cfe14e99ad098f14b5b9ff59fce521

Malware Config

Extracted

Family: danabot
Version: 1732
Botnet: 3
C2:
  23.226.132.92:443
  23.106.123.249:443
  108.62.141.152:443
  104.144.64.163:443

Attributes
  embedded_hash: 49574F66CD0103BBD725C08A9805C2BE
  rsa_pubkey.plain
Targets

Target: c0eb802f394e758da4feb0d6c3b817bf1f64880ab9bc851937d5ef774161585d.bin (4MB, score 10/10; hashes as listed under General)
Signatures

  • Danabot
    Description: Danabot is a modular banking Trojan that has been linked with other malware.

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials, etc.
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (tactic columns): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation