SecuriteInfo.com.W32.AIDetect.malware1.12135.10971

General

Target SecuriteInfo.com.W32.AIDetect.malware1.12135.10971
Size 5MB
Sample 210409-r2r3w458aj
Score 10/10
MD5 a1d41370fa33850a53da98f69c4bf735
SHA1 0bdab47ba112c6639077c740d5d659e53edb6ea7
SHA256 11ad6a2816687b70968f90ef3c5489f98cb38d04be064d1834ed7d23ed3338fc
SHA512 a37006945a93f2555b870c24f35600c50477c162d2ef7a66e5ca65f7384075b9259e0bcd4f5e66d46914e5b38e295be837fa54e5c4073f0887bbc61e14f6ebe1

Malware Config

Extracted

Family danabot
Version 1827
Botnet 3
C2
193.34.167.88:443
192.210.198.12:443
23.81.246.201:443
192.3.26.107:443

Attributes
embedded_hash AEF96B4D339B580ABB737F203C2D0F52
rsa_pubkey.plain
rsa_pubkey.plain

Signatures

  • Danabot

    Description: Danabot is a modular banking Trojan that has been linked with other malware.

  • Blocklisted process makes network request

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description: Infostealers often target stored browser data, which can include saved credentials etc.

    TTPs: Data from Local System, Credentials in Files

  • Checks installed software on the system

    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs: Query Registry

  • Drops desktop.ini file(s)
