General

  • Target

    194da08d62700deae3dfbc9ecbf0fb03

  • Size

    1.2MB

  • Sample

    210914-nswg5aafdm

  • MD5

    194da08d62700deae3dfbc9ecbf0fb03

  • SHA1

    e7385bf842b7a8e72227fa9b98454ea4841d980a

  • SHA256

    f6f17df29850bf734970fd18cc9c8fbf1e7cc901c2f0a823b1743c5866394254

  • SHA512

    e56c674f9116e8c5cf1eb4cac434b7347eaaeb4392b5af229dee6f9bcd3f07b530c78223c020f62ce3df6ae4f02ed3051cdea6b3b44d15dc7b40d60c8128e211

Score
10/10

Malware Config

Extracted

Family

danabot

C2

23.229.29.48:443

5.9.224.204:443

192.255.166.212:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      194da08d62700deae3dfbc9ecbf0fb03

    • Size

      1.2MB

    • MD5

      194da08d62700deae3dfbc9ecbf0fb03

    • SHA1

      e7385bf842b7a8e72227fa9b98454ea4841d980a

    • SHA256

      f6f17df29850bf734970fd18cc9c8fbf1e7cc901c2f0a823b1743c5866394254

    • SHA512

      e56c674f9116e8c5cf1eb4cac434b7347eaaeb4392b5af229dee6f9bcd3f07b530c78223c020f62ce3df6ae4f02ed3051cdea6b3b44d15dc7b40d60c8128e211

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks