f38ab9b98774509a4d1dbadc3f5c9a5f927979736ff89dd5892b380a9f09738c

General
Target

f38ab9b98774509a4d1dbadc3f5c9a5f927979736ff89dd5892b380a9f09738c

Size

1MB

Sample

220112-h1ragsbfep

Score
10 /10
MD5

51913f93259de85f17d3590a8263589d

SHA1

c36fb4dade6e0c69e81b8e2f2a69090471c22f7a

SHA256

f38ab9b98774509a4d1dbadc3f5c9a5f927979736ff89dd5892b380a9f09738c

SHA512

dca6b3579463af33792171d29ecb711c7bef7e83efb38cf43c37b3dd654267847851223caeef5a260a596c5d9a27f14b59ba969ceb6a0678d2515a1b5f601c82

Malware Config

Extracted

Family danabot
Botnet 4
C2

209.127.27.22:443

103.175.16.114:443

103.175.16.113:443
Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

f38ab9b98774509a4d1dbadc3f5c9a5f927979736ff89dd5892b380a9f09738c

MD5

51913f93259de85f17d3590a8263589d

Filesize

1MB

Score
10/10
SHA1

c36fb4dade6e0c69e81b8e2f2a69090471c22f7a

SHA256

f38ab9b98774509a4d1dbadc3f5c9a5f927979736ff89dd5892b380a9f09738c

SHA512

dca6b3579463af33792171d29ecb711c7bef7e83efb38cf43c37b3dd654267847851223caeef5a260a596c5d9a27f14b59ba969ceb6a0678d2515a1b5f601c82

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Loads dropped DLL

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10