f601ad405d65674d3fdd6d9625770487.exe

Target

Size

1MB

Sample

220109-k7bvgsdggn

Score

10 ^/10

MD5

f601ad405d65674d3fdd6d9625770487

SHA1

2d5a12ef12b560d3bb634fa37d78951169113949

SHA256

2a009cecbb0b5f61ac6956e12a8ffd880a5c6c5fcce207d48a39dec829daff6d

SHA512

1347e26b67ed12d3173196aaca8e9fcad5bb8f6ed17e0482c5b5e33ddbecb19b954d46fcea4ff9e07e7d116b2c3ba351a1ce3aae294e4ce9e176797115a8171f

Extracted

Family	danabot
Botnet	4
C2	192.119.110.4:443 103.175.16.113:443 192.119.110.4:443 103.175.16.113:443
Attributes	embedded_hash 422236FD601D11EE82825A484D26DD6F type loader
rsa_pubkey.plain
rsa_privkey.plain

Target

f601ad405d65674d3fdd6d9625770487.exe

MD5

f601ad405d65674d3fdd6d9625770487

Filesize

1MB

Score

10^/10

SHA1

2d5a12ef12b560d3bb634fa37d78951169113949

SHA256

2a009cecbb0b5f61ac6956e12a8ffd880a5c6c5fcce207d48a39dec829daff6d

SHA512

1347e26b67ed12d3173196aaca8e9fcad5bb8f6ed17e0482c5b5e33ddbecb19b954d46fcea4ff9e07e7d116b2c3ba351a1ce3aae294e4ce9e176797115a8171f

Signatures

Danabot
Description

Danabot is a modular banking Trojan that has been linked with other malware.
Tags

trojan banker danabot
Danabot Loader Component
Loads dropped DLL

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

danabot 4 banker trojan

10^/10

behavioral2

danabot 4 banker trojan

10^/10

Extracted

Tags

Signatures

Danabot

Description

Tags

Danabot Loader Component

Loads dropped DLL

Related Tasks

static1

behavioral1

behavioral2