baabe38154bc2271d603513346457154.exe

General
Target

baabe38154bc2271d603513346457154.exe

Size

1MB

Sample

210929-l4j75aefbp

Score
10 /10
MD5

baabe38154bc2271d603513346457154

SHA1

86ebdcd4ba7e7985c80f3897d5adba2d2c923d52

SHA256

0c1978c1bc51c425f13e670074ddfd36d3e6e458dab5bcb1527c2b37953e13d6

SHA512

149c353564df264c5d7f32f072fdcdc91e0c0ee12fe0508968003a887412fa9d47204abadc9d8c61cb955bdc1e3335db8f6f334a7838f62f95d3f28d8d576502

Malware Config

Extracted

Family danabot
Version 2052
Botnet 4
C2

142.11.192.232:443

192.119.110.73:443

142.11.242.31:443

192.210.222.88:443

Attributes
embedded_hash
F4711E27D559B4AEB1A081A1EB0AC465
rsa_privkey.plain
rsa_pubkey.plain
Targets
Target

baabe38154bc2271d603513346457154.exe

MD5

baabe38154bc2271d603513346457154

Filesize

1MB

Score
10/10
SHA1

86ebdcd4ba7e7985c80f3897d5adba2d2c923d52

SHA256

0c1978c1bc51c425f13e670074ddfd36d3e6e458dab5bcb1527c2b37953e13d6

SHA512

149c353564df264c5d7f32f072fdcdc91e0c0ee12fe0508968003a887412fa9d47204abadc9d8c61cb955bdc1e3335db8f6f334a7838f62f95d3f28d8d576502

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    Tags

    TTPs

    Query Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Command and Control
    Credential Access
    Execution
      Exfiltration
        Impact
          Initial Access
            Lateral Movement
              Persistence
                Privilege Escalation