3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712

General
Target

3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712

Size

1MB

Sample

220112-yxwnssdgg7

Score
10 /10
MD5

faaa466bf9c6fe5eb5c8625c71af738e

SHA1

e98d76fb100d8db912c6844070c45dc86fdd1e7e

SHA256

3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712

SHA512

99b5c0cf8fa9b22004667546aa86a4e7c5314652ed790054edccc2c8e5f03bd4d59a20d26c4205edee76af567816ba766bb222f3681da899ef502983f731eaa0

Malware Config

Extracted

Family danabot
Botnet 4
C2

209.127.27.22:443

103.175.16.114:443

103.175.16.113:443
Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712

MD5

faaa466bf9c6fe5eb5c8625c71af738e

Filesize

1MB

Score
10/10
SHA1

e98d76fb100d8db912c6844070c45dc86fdd1e7e

SHA256

3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712

SHA512

99b5c0cf8fa9b22004667546aa86a4e7c5314652ed790054edccc2c8e5f03bd4d59a20d26c4205edee76af567816ba766bb222f3681da899ef502983f731eaa0

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Loads dropped DLL

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10