89a79bf235fd3a402b5cdc29e58ce1a0e56ddf23f2cb2604b44ab1570e608fdd

General
Target

89a79bf235fd3a402b5cdc29e58ce1a0e56ddf23f2cb2604b44ab1570e608fdd

Size

1MB

Sample

211125-t8mstafgfn

Score

10/10
MD5

6d9f899e26ce787bfa696e85583d49e1

SHA1

183496c077b1efdff28a1db820d461b5a4462c3c

SHA256

89a79bf235fd3a402b5cdc29e58ce1a0e56ddf23f2cb2604b44ab1570e608fdd

SHA512

dd7a7d45ee666f8fa7354e6633dc3ba209aec046dbc95991256c4ea832db1b75c2a8644b1f6538d3444a7b8a10103e551bc962721f590cb2e821374bd095ca6b

Malware Config

Extracted

Family danabot
C2

185.117.90.36:443

193.42.36.59:443

193.56.146.53:443

185.106.123.228:443

Attributes

embedded_hash: 07284E2A3AB3C2E1FFFBD425849BE150

type: loader

rsa_pubkey.plain

rsa_privkey.plain

Targets
Target

89a79bf235fd3a402b5cdc29e58ce1a0e56ddf23f2cb2604b44ab1570e608fdd

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

  • Danabot Loader Component

  • Blocklisted process makes network request

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10