SecuriteInfo.com.Trojan.Win32.Save.a.27858.20227

General

Target: SecuriteInfo.com.Trojan.Win32.Save.a.27858.20227
Size: 1MB
Sample: 210911-e7874aeabl
Score: 10/10
MD5: 643203bc80de891208614cc77925373f
SHA1: 0df0efd8a4d0cabcc8242d708e72cd11ec70b19b
SHA256: 49f3d49a89443de2c5c954803aff0e8891c6a87c069c784dd67e373204590cd5
SHA512: c6666663e6831995f693b8561f128a1b791d01c92e6f3f31c298ec56806c01f8d6056046dadd33537574f868b3ded3011427d00ad4679eb27228236b70560e87

Malware Config

Extracted

Family: danabot

C2

  • 23.229.29.48:443

  • 5.9.224.204:443

  • 192.210.222.81:443

Attributes

  • embedded_hash: 0E1A7A1479C37094441FA911262B322A

  • rsa_pubkey.plain

  • rsa_privkey.plain

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

  • Danabot Loader Component

  • Blocklisted process makes network request

  • Loads dropped DLL

Tasks

  • static1

  • behavioral1: 10/10

  • behavioral2: 10/10