SecuriteInfo.com.Ransom.Stop.P6.19307.25815

General
Target

SecuriteInfo.com.Ransom.Stop.P6.19307.25815

Size

5MB

Sample

210408-r95n8mcjcs

Score
10 /10
MD5

2fbdd54155f2cf4b6f41bf5e92d74696

SHA1

3bafc4377abf9433acce914de93f18f29c66a3c8

SHA256

4cf8cd89929828f99642b9992f5479dd7ef217ae9cdbddfd9a2b17300ddee655

SHA512

a10a1e63ab67187caa6edd81e418a29fa56262ad3a196e0e54e341cebb38347242efe3265b79ed8eaf25ffbaf7a3d4aa72820c1e336593caf11ebcafe2a32915

Malware Config

Extracted

Family danabot
Version 1827
Botnet 3
C2

23.106.123.249:443

23.106.123.141:443

23.254.225.170:443

134.119.186.216:443

Attributes
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
rsa_pubkey.plain
rsa_pubkey.plain
Targets
Target

SecuriteInfo.com.Ransom.Stop.P6.19307.25815

MD5

2fbdd54155f2cf4b6f41bf5e92d74696

Filesize

5MB

Score
10 /10
SHA1

3bafc4377abf9433acce914de93f18f29c66a3c8

SHA256

4cf8cd89929828f99642b9992f5479dd7ef217ae9cdbddfd9a2b17300ddee655

SHA512

a10a1e63ab67187caa6edd81e418a29fa56262ad3a196e0e54e341cebb38347242efe3265b79ed8eaf25ffbaf7a3d4aa72820c1e336593caf11ebcafe2a32915

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Drops desktop.ini file(s)

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Defense Evasion
      Discovery
      Execution
        Exfiltration
          Impact
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation