5a7eb6eb7f9d5076f89d114fc2be8e5ea4541f718c5dca06966ec18c4622b898

General
Target

5a7eb6eb7f9d5076f89d114fc2be8e5ea4541f718c5dca06966ec18c4622b898

Size

1MB

Sample

220109-krl1hsdggl

Score
10 /10
MD5

a93ffb2c4f7d50f83ead908ffc5e1afa

SHA1

bef89d62bea9bb3987c5f1fa12a75ef0d8d7546c

SHA256

5a7eb6eb7f9d5076f89d114fc2be8e5ea4541f718c5dca06966ec18c4622b898

SHA512

47f74fb3ce51ce0421828ffa8d3772bfef9b414e357087a8a6bc6300647fc82f9a162845c1bdb1ef969df18bcf708e664f0c8263e68c23504794f228e5e766a4

Malware Config

Extracted

Family danabot
Botnet 4
C2

192.119.110.4:443

103.175.16.113:443
Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

5a7eb6eb7f9d5076f89d114fc2be8e5ea4541f718c5dca06966ec18c4622b898

MD5

a93ffb2c4f7d50f83ead908ffc5e1afa

Filesize

1MB

Score
10/10
SHA1

bef89d62bea9bb3987c5f1fa12a75ef0d8d7546c

SHA256

5a7eb6eb7f9d5076f89d114fc2be8e5ea4541f718c5dca06966ec18c4622b898

SHA512

47f74fb3ce51ce0421828ffa8d3772bfef9b414e357087a8a6bc6300647fc82f9a162845c1bdb1ef969df18bcf708e664f0c8263e68c23504794f228e5e766a4

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Loads dropped DLL

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10