f37ed3859c32357cecb9dc74905a1c402a29dbc8d2d2b53472b168ca26ab7814

General
Target

f37ed3859c32357cecb9dc74905a1c402a29dbc8d2d2b53472b168ca26ab7814

Size

1MB

Sample

211125-tx1kjafgcm

Score
10 /10
MD5

fe87670bcb604ce78273292793f50129

SHA1

2e4d5d16ca026995c0862c755ad93d54488f695d

SHA256

f37ed3859c32357cecb9dc74905a1c402a29dbc8d2d2b53472b168ca26ab7814

SHA512

12cee37c4b40eacdba313680284108cb4a6ed030f86e9afb32d17283d1d23b1440127729dcf3ffc5160f26020f3d1da7abacfabe768d4f5f94598a95a276433e

Malware Config

Extracted

Family danabot
C2

185.117.90.36:443

193.42.36.59:443

193.56.146.53:443

185.106.123.228:443

Attributes
embedded_hash
07284E2A3AB3C2E1FFFBD425849BE150
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

f37ed3859c32357cecb9dc74905a1c402a29dbc8d2d2b53472b168ca26ab7814

MD5

fe87670bcb604ce78273292793f50129

Filesize

1MB

Score
10 /10
SHA1

2e4d5d16ca026995c0862c755ad93d54488f695d

SHA256

f37ed3859c32357cecb9dc74905a1c402a29dbc8d2d2b53472b168ca26ab7814

SHA512

12cee37c4b40eacdba313680284108cb4a6ed030f86e9afb32d17283d1d23b1440127729dcf3ffc5160f26020f3d1da7abacfabe768d4f5f94598a95a276433e

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Blocklisted process makes network request

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10