General

  • Target

    fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e

  • Size

    1MB

  • Sample

    220113-qrzt9saeb2

  • MD5

    a5fb0a37f7ac9d8efe9c6dc4b5075777

  • SHA1

    00a4ce2ac284e2cebf56d60398868435fb560cbd

  • SHA256

    fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e

  • SHA512

    31799ab34f71c93f826bf5a25c1dc149bea00755cc671cde2de9847579bdcdecfce67da17aad4ce1a5578d5fcbe5dba6737471422155dedbd33130572f42d821

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

103.175.16.113:443

103.175.16.114:443

Attributes
embedded_hash: 422236FD601D11EE82825A484D26DD6F
type: loader
rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      fca6217cf8955755dadcff890704ac98883879c24da212b9ef3aaed402e1566e

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Loads dropped DLL

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation