4c7997ac51cbffb25df9984253791780

General
Target

4c7997ac51cbffb25df9984253791780

Size

1MB

Sample

210914-pg6z6aafgk

Score
10 /10
MD5

4c7997ac51cbffb25df9984253791780

SHA1

e1d0624c2ba2febd6ae5f85c69d54761911462e8

SHA256

82abbdee746d652b3300c458d251e3b858dfa66b287049608cd4eb3d6cf3b3f8

SHA512

8027c936d3aea6242ff6627e0118b7d7c54f58138db8794801e309c9ff571e4aee3ab70f37a83d2fe600137d26d2bfe429d63fb8f6519246c8d2ccfa9537fd4f

Malware Config

Extracted

Family danabot
C2

23.229.29.48:443

5.9.224.204:443

192.255.166.212:443

Attributes
embedded_hash
0E1A7A1479C37094441FA911262B322A
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

4c7997ac51cbffb25df9984253791780

MD5

4c7997ac51cbffb25df9984253791780

Filesize

1MB

Score
10/10
SHA1

e1d0624c2ba2febd6ae5f85c69d54761911462e8

SHA256

82abbdee746d652b3300c458d251e3b858dfa66b287049608cd4eb3d6cf3b3f8

SHA512

8027c936d3aea6242ff6627e0118b7d7c54f58138db8794801e309c9ff571e4aee3ab70f37a83d2fe600137d26d2bfe429d63fb8f6519246c8d2ccfa9537fd4f

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Blocklisted process makes network request

  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10