SecuriteInfo.com.Trojan.Coins.Win32.5986.15363.1750

General
Target

SecuriteInfo.com.Trojan.Coins.Win32.5986.15363.1750

Size

1MB

Sample

210408-syvyfjckc6

Score
10 /10
MD5

845615bf78874fa55758ce6fa4b36084

SHA1

57871e28d04d19bb2f99cfacdc844073418c0d7c

SHA256

ec7db23abe0578993c032c1c962db58d72bc1cdcb8401d33e60e92f784defb75

SHA512

7d88605095090bb6aebbd27e4ff76be4de8a85be3a33294938c2faa3151bc063b8add8f05f277642e6f8c9395a136757439943912ba704121e0fbb095462ff5d

Malware Config

Extracted

Family danabot
Version 1827
Botnet 3
C2

23.106.123.249:443

23.106.123.141:443

23.254.225.170:443

134.119.186.216:443

Attributes
embedded_hash
AEF96B4D339B580ABB737F203C2D0F52
rsa_pubkey.plain
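The extracted C2 list is the most directly usable part of this config. The Python below is an added example, not part of the report or of the sandbox's own tooling: it turns the config values above into a set of IP/port indicators and runs them over a few constructed Zeek conn.log lines (the log lines and the reduced field subset are assumptions, not traffic from this run), reporting exact IP:port matches separately from connections to a known C2 address on another port, since the latter still deserve a look.

```python
import ipaddress
from typing import Dict, List

# Config values as listed in the report above.
DANABOT_CONFIG = {
    "family": "danabot",
    "version": 1827,
    "botnet": 3,
    "c2": [
        "23.106.123.249:443",
        "23.106.123.141:443",
        "23.254.225.170:443",
        "134.119.186.216:443",
    ],
}


def c2_iocs(config: Dict) -> Dict[str, int]:
    """Map each C2 IP to its port, validating that every entry is a literal IP:port."""
    iocs = {}
    for entry in config["c2"]:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        ipaddress.ip_address(host)  # raises ValueError if host is not an IP literal
        iocs[host] = int(port)
    return iocs


# Assumed column subset of a Zeek conn.log; real logs carry more fields in a fixed order.
CONN_FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto"]


def parse_conn_log(text: str) -> List[Dict[str, str]]:
    """Parse tab-separated conn.log lines, skipping Zeek's '#'-prefixed header lines."""
    records = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(CONN_FIELDS):
            continue  # truncated or foreign line: skip it rather than crash
        records.append(dict(zip(CONN_FIELDS, parts)))
    return records


def find_c2_hits(records: List[Dict[str, str]], iocs: Dict[str, int]) -> List[Dict]:
    """Return one hit per connection whose responder IP is a known C2 address."""
    hits = []
    for r in records:
        dst_ip = r["id.resp_h"]
        if dst_ip not in iocs:
            continue
        dst_port = int(r["id.resp_p"])
        hits.append({
            "ts": r["ts"],
            "uid": r["uid"],
            "src": r["id.orig_h"],
            "dst": f"{dst_ip}:{dst_port}",
            "port_match": dst_port == iocs[dst_ip],  # False: known C2 IP, unexpected port
        })
    return hits


# Constructed sample log (not traffic from the sandbox run); 198.51.100.7 is a documentation address.
SAMPLE_CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1617900000.10\tCAbc1\t10.0.0.15\t51022\t23.106.123.249\t443\ttcp
1617900001.20\tCAbc2\t10.0.0.15\t51023\t198.51.100.7\t443\ttcp
1617900002.30\tCAbc3\t10.0.0.22\t51100\t134.119.186.216\t443\ttcp
1617900003.40\tCAbc4\t10.0.0.22\t51101\t23.254.225.170\t80\ttcp
"""

if __name__ == "__main__":
    for hit in find_c2_hits(parse_conn_log(SAMPLE_CONN_LOG), c2_iocs(DANABOT_CONFIG)):
        flag = "C2" if hit["port_match"] else "C2-IP on other port"
        print(f'{hit["ts"]} {hit["src"]} -> {hit["dst"]} [{flag}] uid={hit["uid"]}')
```

Matching on the responder IP first and only then comparing the port keeps the indicator useful after the operators rotate ports on the same hosts; the `port_match` flag lets a triage queue rank exact matches above the rest.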
Targets
Target

SecuriteInfo.com.Trojan.Coins.Win32.5986.15363.1750

MD5

845615bf78874fa55758ce6fa4b36084

Filesize

1MB

Score
10 /10
SHA1

57871e28d04d19bb2f99cfacdc844073418c0d7c

SHA256

ec7db23abe0578993c032c1c962db58d72bc1cdcb8401d33e60e92f784defb75

SHA512

7d88605095090bb6aebbd27e4ff76be4de8a85be3a33294938c2faa3151bc063b8add8f05f277642e6f8c9395a136757439943912ba704121e0fbb095462ff5d

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Drops startup file

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser profile data, which can include saved credentials, cookies and browsing history.

    TTPs

    Data from Local System (T1005)
    Credentials In Files (T1552.001)

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry (T1012)

  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service (T1102)

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.
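Taken one at a time, several of the signatures above are weak (plenty of installers drop a file and execute it); they become convincing when they chain inside one process tree. The Python below is an added example, not the sandbox's own signature engine: it evaluates three of the listed signatures (Drops startup file, Executes dropped EXE, Looks up external IP address via web service) over a handful of constructed Sysmon-style events and groups the hits by the root process of the chain. The event shapes, process names, paths and the IP-lookup hostnames are assumptions for illustration; the report does not name the lookup service this sample used.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Assumed IP-lookup hostnames; the report does not name the service this sample used.
IP_LOOKUP_DOMAINS = {"api.ipify.org", "ipinfo.io", "checkip.amazonaws.com", "icanhazip.com"}
# Suffix of the per-user Startup folder; anything written here runs at the next logon.
STARTUP_MARKER = "\\microsoft\\windows\\start menu\\programs\\startup\\"

# Constructed Sysmon-style events for illustration, not telemetry from the sandbox run.
# Event IDs follow Sysmon: 1 = ProcessCreate, 11 = FileCreate, 22 = DnsQuery.
EVENTS = [
    {"id": 11, "pid": 1200, "image": "C:\\Users\\u\\Downloads\\invoice.exe",
     "target": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"},
    {"id": 11, "pid": 1200, "image": "C:\\Users\\u\\Downloads\\invoice.exe",
     "target": "C:\\Users\\u\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\upd.lnk"},
    {"id": 1, "pid": 1340, "ppid": 1200, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe"},
    {"id": 22, "pid": 1340, "image": "C:\\Users\\u\\AppData\\Local\\Temp\\upd.exe",
     "query": "api.ipify.org"},
    {"id": 1, "pid": 1500, "ppid": 800, "image": "C:\\Windows\\System32\\notepad.exe"},
    {"id": 22, "pid": 1500, "image": "C:\\Windows\\System32\\notepad.exe",
     "query": "www.example.com"},
]


def root_pid(pid: int, parents: Dict[int, int]) -> int:
    """Walk the parent chain up to the oldest process we have a ProcessCreate for."""
    seen = set()
    while pid in parents and pid not in seen:
        seen.add(pid)
        pid = parents[pid]
    return pid


def triage(events: List[Dict]) -> Tuple[List[Tuple[str, int, str]], Dict[int, int]]:
    """Emit (signature, pid, detail) for each event that matches a behavioural rule."""
    parents: Dict[int, int] = {}   # child pid -> parent pid, from ProcessCreate events
    dropped: Dict[str, int] = {}   # lowercased path of every file written -> writer pid
    findings: List[Tuple[str, int, str]] = []
    for e in events:
        if e["id"] == 1:
            parents[e["pid"]] = e["ppid"]
            # "Executes dropped EXE": the new process image was written earlier in this trace
            if e["image"].lower() in dropped:
                findings.append(("executes_dropped_exe", e["pid"], e["image"]))
        elif e["id"] == 11:
            path = e["target"].lower()
            dropped[path] = e["pid"]
            # "Drops startup file": persistence via the per-user Startup folder
            if STARTUP_MARKER in path:
                findings.append(("drops_startup_file", e["pid"], e["target"]))
        elif e["id"] == 22:
            # "Looks up external IP address via web service"
            if e["query"].lower() in IP_LOOKUP_DOMAINS:
                findings.append(("external_ip_lookup", e["pid"], e["query"]))
    return findings, parents


def summarize(events: List[Dict]) -> Dict[int, Set[str]]:
    """Group signature hits by the root process so one infection chain is scored once."""
    findings, parents = triage(events)
    by_root: Dict[int, Set[str]] = defaultdict(set)
    for sig, pid, _ in findings:
        by_root[root_pid(pid, parents)].add(sig)
    return dict(by_root)


if __name__ == "__main__":
    for root, sigs in summarize(EVENTS).items():
        print(f"root pid {root}: {', '.join(sorted(sigs))}")
```

Grouping by root process is what turns three low-confidence rules into one high-confidence chain: the downloader (pid 1200) writes the payload and the Startup shortcut, the payload it spawned (pid 1340) does the IP lookup, and the notepad process contributes nothing. The "Checks installed software" signature is deliberately not modelled here: Sysmon records registry writes, not reads, so enumeration of the Uninstall keys needs a different source, such as the sandbox's API tracing.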

MITRE ATT&CK Matrix

Tactics: Command and Control, Credential Access, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1 8/10