General

  • Target

    dabbb26142632eba9e737eca407d18de6c5866f7296ac13cfa184bb4df7c995b

  • Size

    1.8MB

  • Sample

    211231-mwv54afcgm

  • MD5

    50f596ea769c127ae280cc12df1d62c1

  • SHA1

    27e7ee8c39b67fee9eaa72281d2bd04229c069e0

  • SHA256

    dabbb26142632eba9e737eca407d18de6c5866f7296ac13cfa184bb4df7c995b

  • SHA512

    e303a546947fbf40df1563ec18907f5bf2202d740677c957f6c0eeb1cf4b7ac38634b1687899357ee0da65a81fbebfbd67b54d84d720824af1c76660459de350

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.223:443

192.236.194.72:443

Attributes
  • embedded_hash

    0FA95F120D6EB149A5D48E36BC76879D

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      dabbb26142632eba9e737eca407d18de6c5866f7296ac13cfa184bb4df7c995b

    • Size

      1.8MB

    • MD5

      50f596ea769c127ae280cc12df1d62c1

    • SHA1

      27e7ee8c39b67fee9eaa72281d2bd04229c069e0

    • SHA256

      dabbb26142632eba9e737eca407d18de6c5866f7296ac13cfa184bb4df7c995b

    • SHA512

      e303a546947fbf40df1563ec18907f5bf2202d740677c957f6c0eeb1cf4b7ac38634b1687899357ee0da65a81fbebfbd67b54d84d720824af1c76660459de350

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks