669f064aec912f72385f9e7723d431dfc2c38699c1f7add014b1031032e9965c

General
Target

669f064aec912f72385f9e7723d431dfc2c38699c1f7add014b1031032e9965c

Size

1MB

Sample

220113-af9mbsege8

Score
10 /10
MD5

4698c5d4fd0259b7e65d925bbd67c4ea

SHA1

fdcd44b4179e4498162f279e72317a431f6c6567

SHA256

669f064aec912f72385f9e7723d431dfc2c38699c1f7add014b1031032e9965c

SHA512

3f3a262411f0eed0f5f1e121a3db54b552379f577d8c1059a8ab88eb690177d2639c8dcd47709a5b4cce138ab327e2af8b79fc894eae3034371dd31752b7393e

Malware Config

Extracted

Family danabot
Botnet 4
C2

103.175.16.113:443

103.175.16.114:443

Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

669f064aec912f72385f9e7723d431dfc2c38699c1f7add014b1031032e9965c

MD5

4698c5d4fd0259b7e65d925bbd67c4ea

Filesize

1MB

Score
10/10
SHA1

fdcd44b4179e4498162f279e72317a431f6c6567

SHA256

669f064aec912f72385f9e7723d431dfc2c38699c1f7add014b1031032e9965c

SHA512

3f3a262411f0eed0f5f1e121a3db54b552379f577d8c1059a8ab88eb690177d2639c8dcd47709a5b4cce138ab327e2af8b79fc894eae3034371dd31752b7393e

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10