General

  • Target

    06d01f809ea7376345a5ca5629c15c32e7d2a32efa40ffafe2aba4636275ab08

  • Size

    1.8MB

  • Sample

    211231-r7nydahac3

  • MD5

    ff5cedf647fbf787f6f043aea049f75c

  • SHA1

    e7f03078d14c286c38f0c4bbf55bb5feaa51bc4b

  • SHA256

    06d01f809ea7376345a5ca5629c15c32e7d2a32efa40ffafe2aba4636275ab08

  • SHA512

    c3476ec2cdfb737db07d3015f86321ce1f4ed07adb060243939c4cbb2ec94d508bb4646f459954524152ad3b614d36acf324a1551a9c379268518a42e7f6fc3f

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.223:443

192.236.194.72:443

Attributes
  • embedded_hash

    0FA95F120D6EB149A5D48E36BC76879D

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      06d01f809ea7376345a5ca5629c15c32e7d2a32efa40ffafe2aba4636275ab08

    • Size

      1.8MB

    • MD5

      ff5cedf647fbf787f6f043aea049f75c

    • SHA1

      e7f03078d14c286c38f0c4bbf55bb5feaa51bc4b

    • SHA256

      06d01f809ea7376345a5ca5629c15c32e7d2a32efa40ffafe2aba4636275ab08

    • SHA512

      c3476ec2cdfb737db07d3015f86321ce1f4ed07adb060243939c4cbb2ec94d508bb4646f459954524152ad3b614d36acf324a1551a9c379268518a42e7f6fc3f

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks