General
Target

fc3bbac32a466177b1575504b966baf11e8b7c3aafc4f755818591fb35aaf5d4

Size

1MB

Sample

211118-xhc3gafbej

Score
10/10
MD5

ab31c2d598849285e601ef678552ee29

SHA1

e732ba422aa5a6c6abc13685e7cda9ac7d43b1a5

SHA256

fc3bbac32a466177b1575504b966baf11e8b7c3aafc4f755818591fb35aaf5d4

SHA512

a3069dc5aff9e084a4a1c3e088837d3c46ca6c812ed1c2ed85cb3aac5e6785d57a5444dec71ba8a98084015a30faf9abf7b2e43ea97cf5a00ef96b0c00241eb2

Malware Config

Extracted

Family

danabot

C2

192.119.110.73:443

192.236.192.201:443

Attributes

embedded_hash

0FA95F120D6EB149A5D48E36BC76879D

type

loader

rsa_pubkey.plain

rsa_privkey.plain

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

  • Danabot Loader Component

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Loads dropped DLL

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

Score
N/A

behavioral1

Score
10/10