64eab1b1df7a2d6e4c629b715b879f13891ead2c4adc25823e147eb18c76dda0

General
Target

64eab1b1df7a2d6e4c629b715b879f13891ead2c4adc25823e147eb18c76dda0

Size

1MB

Sample

220113-faj3dafgeq

Score
10 /10
MD5

705cdae1818955e2668b1e31aa1a9aca

SHA1

d3ce391d2e2fee02ccf8d377f290e776c8b1c5b6

SHA256

64eab1b1df7a2d6e4c629b715b879f13891ead2c4adc25823e147eb18c76dda0

SHA512

24a5f92cbec32251abe9efbba330ad0ac58b010abae43d00b5c876cad90d3222c1f6995635468e865ef3f6c9599c305775cf4c33def285b6eababa2249350f88

Malware Config

Extracted

Family danabot
Botnet 4
C2

103.175.16.113:443

103.175.16.114:443

Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

64eab1b1df7a2d6e4c629b715b879f13891ead2c4adc25823e147eb18c76dda0

MD5

705cdae1818955e2668b1e31aa1a9aca

Filesize

1MB

Score
10/10
SHA1

d3ce391d2e2fee02ccf8d377f290e776c8b1c5b6

SHA256

64eab1b1df7a2d6e4c629b715b879f13891ead2c4adc25823e147eb18c76dda0

SHA512

24a5f92cbec32251abe9efbba330ad0ac58b010abae43d00b5c876cad90d3222c1f6995635468e865ef3f6c9599c305775cf4c33def285b6eababa2249350f88

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10