General

  • Target

    951b94f3bb2bf01cf26d5b55dbc6a7a21864bc552c649a9750fc67076276e2b1

  • Size

    1.8MB

  • Sample

    211125-t62h7abbd6

  • MD5

    a950ef033197897455d5fb2bbedd6f0d

  • SHA1

    7b5162ff77988cc82c316d8409dc8084f6713efb

  • SHA256

    951b94f3bb2bf01cf26d5b55dbc6a7a21864bc552c649a9750fc67076276e2b1

  • SHA512

    199e60ae2a77b4dfdbba3dd45ad670442040812865ee8775fa0402a372bee25dbfc564056e7da9ddf4a8b78571a482b09fc20bb626f3de80cda2b42912a0ea68

Score
10/10

Malware Config

Extracted

Family

danabot

C2

142.11.244.223:443

23.106.122.139:443

Attributes
  • embedded_hash

    0FA95F120D6EB149A5D48E36BC76879D

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      951b94f3bb2bf01cf26d5b55dbc6a7a21864bc552c649a9750fc67076276e2b1

    • Size

      1.8MB

    • MD5

      a950ef033197897455d5fb2bbedd6f0d

    • SHA1

      7b5162ff77988cc82c316d8409dc8084f6713efb

    • SHA256

      951b94f3bb2bf01cf26d5b55dbc6a7a21864bc552c649a9750fc67076276e2b1

    • SHA512

      199e60ae2a77b4dfdbba3dd45ad670442040812865ee8775fa0402a372bee25dbfc564056e7da9ddf4a8b78571a482b09fc20bb626f3de80cda2b42912a0ea68

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks