194da08d62700deae3dfbc9ecbf0fb03

General
Target

194da08d62700deae3dfbc9ecbf0fb03

Size

1MB

Sample

210914-nswg5aafdm

Score
10 /10
MD5

194da08d62700deae3dfbc9ecbf0fb03

SHA1

e7385bf842b7a8e72227fa9b98454ea4841d980a

SHA256

f6f17df29850bf734970fd18cc9c8fbf1e7cc901c2f0a823b1743c5866394254

SHA512

e56c674f9116e8c5cf1eb4cac434b7347eaaeb4392b5af229dee6f9bcd3f07b530c78223c020f62ce3df6ae4f02ed3051cdea6b3b44d15dc7b40d60c8128e211

Malware Config

Extracted

Family danabot
C2

23.229.29.48:443

5.9.224.204:443

192.255.166.212:443

Attributes
embedded_hash
0E1A7A1479C37094441FA911262B322A
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

194da08d62700deae3dfbc9ecbf0fb03

MD5

194da08d62700deae3dfbc9ecbf0fb03

Filesize

1MB

Score
10/10
SHA1

e7385bf842b7a8e72227fa9b98454ea4841d980a

SHA256

f6f17df29850bf734970fd18cc9c8fbf1e7cc901c2f0a823b1743c5866394254

SHA512

e56c674f9116e8c5cf1eb4cac434b7347eaaeb4392b5af229dee6f9bcd3f07b530c78223c020f62ce3df6ae4f02ed3051cdea6b3b44d15dc7b40d60c8128e211

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Blocklisted process makes network request

  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10