General

  • Target

    cbf6ec3abbfbaeea6e9df16abc8de508e4627244901348e1eed97fd8b866cb0b

  • Size

    1.8MB

  • Sample

    211230-3vve6sgdb8

  • MD5

    1cd8fa2f60d14750a2977c0595a7953f

  • SHA1

    08cd05689a1ac05d83316955f1ef677066ef750e

  • SHA256

    cbf6ec3abbfbaeea6e9df16abc8de508e4627244901348e1eed97fd8b866cb0b

  • SHA512

    0336bb2e1dd3cef785294f6481c18346e67c00d209c51f7b1c8b727e20b22d1b5266d836d236ddd49cf6e15298d30d0dfc92d2fb69dccf006f813f091ba59133

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.223:443

192.236.194.72:443

Attributes
  • embedded_hash

    0FA95F120D6EB149A5D48E36BC76879D

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Loads dropped DLL
