3a754304ab6e04dd4317a89bf85eff6cc6ddb9921b277d8f8475dd22850911d1

General
Target

3a754304ab6e04dd4317a89bf85eff6cc6ddb9921b277d8f8475dd22850911d1

Size

1MB

Sample

211021-tabb5aaec3

Score

10/10

MD5

2cb997c5e95883623e1dc0d4b2ac2fa0

SHA1

4f5d87d8ba60df5191a4a9f72d9c60f6ce925f6a

SHA256

3a754304ab6e04dd4317a89bf85eff6cc6ddb9921b277d8f8475dd22850911d1

SHA512

2ae6c2c3af5238d27f450722c33ae0552fe5bf03347310d1da52696b0cdd07c27d9aaae1acc622f22bf562b22df62c4bc64bb6da579acb1790908634903c4eeb

Malware Config

Extracted

Family

danabot

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

embedded_hash: F4711E27D559B4AEB1A081A1EB0AC465
type: loader
rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

  • Danabot Loader Component

  • Blocklisted process makes network request

  • Loads dropped DLL

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10