9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12

General
Target

9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12

Size

1MB

Sample

220112-ttcdjadbe4

Score
10 /10
MD5

a8c9c70c215549f68555476f80cd20e9

SHA1

d499cf0f21c0fba8aaf6e0eb44d4bca3d754da5c

SHA256

9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12

SHA512

1be51796ed8fd6c6807be48e0e2b13721d15ba6498587ce2e1121df13ff3176dd38e44d0561b53542e4355ac43fbda60d7ea1660f82534e18f1d4c1bfd911abc

Malware Config

Extracted

Family danabot
Botnet 4
C2

209.127.27.22:443

103.175.16.114:443

103.175.16.113:443
Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12

MD5

a8c9c70c215549f68555476f80cd20e9

Filesize

1MB

Score
10/10
SHA1

d499cf0f21c0fba8aaf6e0eb44d4bca3d754da5c

SHA256

9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12

SHA512

1be51796ed8fd6c6807be48e0e2b13721d15ba6498587ce2e1121df13ff3176dd38e44d0561b53542e4355ac43fbda60d7ea1660f82534e18f1d4c1bfd911abc

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Loads dropped DLL

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10