6217f04f9b2c1c66014865c65a8528359ea08e7d0e31955aeb9fbb2fbd25cb97

General
Target

6217f04f9b2c1c66014865c65a8528359ea08e7d0e31955aeb9fbb2fbd25cb97

Size

1MB

Sample

220112-lnchcacbem

Score
10 /10
MD5

482217eb82aa6028517a905567dc0ac0

SHA1

2c891f863a17e7599ce6c7e18606a6b839e268fc

SHA256

6217f04f9b2c1c66014865c65a8528359ea08e7d0e31955aeb9fbb2fbd25cb97

SHA512

8a3d43c814567e1aa1fe3fb5ef39108985462953a1eb907898f971d5e84858590cb4255b24d70c1a21753482e5e477fc2b4d4a4164242e0bd90301ee7d413887

Malware Config

Extracted

Family danabot
Botnet 4
C2

209.127.27.22:443

103.175.16.114:443

103.175.16.113:443

Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

6217f04f9b2c1c66014865c65a8528359ea08e7d0e31955aeb9fbb2fbd25cb97

MD5

482217eb82aa6028517a905567dc0ac0

Filesize

1MB

Score
10/10
SHA1

2c891f863a17e7599ce6c7e18606a6b839e268fc

SHA256

6217f04f9b2c1c66014865c65a8528359ea08e7d0e31955aeb9fbb2fbd25cb97

SHA512

8a3d43c814567e1aa1fe3fb5ef39108985462953a1eb907898f971d5e84858590cb4255b24d70c1a21753482e5e477fc2b4d4a4164242e0bd90301ee7d413887

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10