951b94f3bb2bf01cf26d5b55dbc6a7a21864bc552c649a9750fc67076276e2b1

General
Target

951b94f3bb2bf01cf26d5b55dbc6a7a21864bc552c649a9750fc67076276e2b1

Size

1MB

Sample

211125-t62h7abbd6

Score
10 /10
MD5

a950ef033197897455d5fb2bbedd6f0d

SHA1

7b5162ff77988cc82c316d8409dc8084f6713efb

SHA256

951b94f3bb2bf01cf26d5b55dbc6a7a21864bc552c649a9750fc67076276e2b1

SHA512

199e60ae2a77b4dfdbba3dd45ad670442040812865ee8775fa0402a372bee25dbfc564056e7da9ddf4a8b78571a482b09fc20bb626f3de80cda2b42912a0ea68

Malware Config

Extracted

Family danabot
C2

142.11.244.223:443

23.106.122.139:443

Attributes
embedded_hash
0FA95F120D6EB149A5D48E36BC76879D
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

951b94f3bb2bf01cf26d5b55dbc6a7a21864bc552c649a9750fc67076276e2b1

MD5

a950ef033197897455d5fb2bbedd6f0d

Filesize

1MB

Score
10/10
SHA1

7b5162ff77988cc82c316d8409dc8084f6713efb

SHA256

951b94f3bb2bf01cf26d5b55dbc6a7a21864bc552c649a9750fc67076276e2b1

SHA512

199e60ae2a77b4dfdbba3dd45ad670442040812865ee8775fa0402a372bee25dbfc564056e7da9ddf4a8b78571a482b09fc20bb626f3de80cda2b42912a0ea68

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Suspicious use of NtCreateProcessExOtherParentProcess

  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10