General

  • Target

    9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12

  • Size

    1MB

  • Sample

    220112-ttcdjadbe4

  • MD5

    a8c9c70c215549f68555476f80cd20e9

  • SHA1

    d499cf0f21c0fba8aaf6e0eb44d4bca3d754da5c

  • SHA256

    9ebcbf93b00f37d17be91cc3dac5ee946f6a7535600d41990d692bfc8bc43c12

  • SHA512

    1be51796ed8fd6c6807be48e0e2b13721d15ba6498587ce2e1121df13ff3176dd38e44d0561b53542e4355ac43fbda60d7ea1660f82534e18f1d4c1bfd911abc

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

209.127.27.22:443

103.175.16.114:443

103.175.16.113:443

Attributes

embedded_hash: 422236FD601D11EE82825A484D26DD6F
type: loader
rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Loads dropped DLL

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation