General

  • Target

    072c76e5d822be16ed6f50fe2f00d020754802ed7434e14abf4c2fa77a48f1e3

  • Size

    1.8MB

  • Sample

    211231-wh4dzsfehp

  • MD5

    9142c28cefd426a2937a7365c1362f6d

  • SHA1

    2bf07778ad5cc46e8ba0d91244d3e1bee27eaece

  • SHA256

    072c76e5d822be16ed6f50fe2f00d020754802ed7434e14abf4c2fa77a48f1e3

  • SHA512

    c55efd55f578d71410eb08b5acef774c61a1471f09c13fd4c88c61e0107e905ca9b61dbeb8b1005db957a3baba4bafda6e77c9cd53d1ba5755a41200d440e83e

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.223:443

192.236.194.72:443

Attributes
  • embedded_hash

    0FA95F120D6EB149A5D48E36BC76879D

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      072c76e5d822be16ed6f50fe2f00d020754802ed7434e14abf4c2fa77a48f1e3

    • Size

      1.8MB

    • MD5

      9142c28cefd426a2937a7365c1362f6d

    • SHA1

      2bf07778ad5cc46e8ba0d91244d3e1bee27eaece

    • SHA256

      072c76e5d822be16ed6f50fe2f00d020754802ed7434e14abf4c2fa77a48f1e3

    • SHA512

      c55efd55f578d71410eb08b5acef774c61a1471f09c13fd4c88c61e0107e905ca9b61dbeb8b1005db957a3baba4bafda6e77c9cd53d1ba5755a41200d440e83e

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks