79783e2f75c717e96a5c31474604a186aae487261879c494325a2b3a1d34192c

General
Target

79783e2f75c717e96a5c31474604a186aae487261879c494325a2b3a1d34192c

Size

1MB

Sample

220112-j8ky4sbge8

Score
10 /10
MD5

05f6de5eee3877edd3112f421e069c4b

SHA1

32999efa3e0333f0bd91a0ac800dcc9fcfc706ef

SHA256

79783e2f75c717e96a5c31474604a186aae487261879c494325a2b3a1d34192c

SHA512

811657673af1a100785aa2e8372334c4c470598fc587b1f58b706164d512ec57b6490b4a3afc8e246967550eeefa91d3be6b25d275a22995a0bdfb4d03c50cb8

Malware Config

Extracted

Family danabot
Botnet 4
C2

209.127.27.22:443

103.175.16.114:443

103.175.16.113:443

Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

79783e2f75c717e96a5c31474604a186aae487261879c494325a2b3a1d34192c

MD5

05f6de5eee3877edd3112f421e069c4b

Filesize

1MB

Score
10/10
SHA1

32999efa3e0333f0bd91a0ac800dcc9fcfc706ef

SHA256

79783e2f75c717e96a5c31474604a186aae487261879c494325a2b3a1d34192c

SHA512

811657673af1a100785aa2e8372334c4c470598fc587b1f58b706164d512ec57b6490b4a3afc8e246967550eeefa91d3be6b25d275a22995a0bdfb4d03c50cb8

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10