a5976d1948376946db83e75c050bbbd8ee6debfe5b719fd9d433a6355edef209

General
Target

a5976d1948376946db83e75c050bbbd8ee6debfe5b719fd9d433a6355edef209

Size

1MB

Sample

220113-sqzh8abah7

Score
10 /10
MD5

529aa365cda65ab7bfc08d8d7b6dbfd8

SHA1

7ca701360a398ac3ff07b5c8923f2693e355b4ca

SHA256

a5976d1948376946db83e75c050bbbd8ee6debfe5b719fd9d433a6355edef209

SHA512

27c15dbfabf4395aaaaed9724e97cd10b773f1089505e1e16bedfcdd449761c2a75426fd8645dd86f4124fe966eec85a4aacd641eaa9ede9d3948c460650de90

Malware Config

Extracted

Family danabot
Botnet 4
C2

103.175.16.113:443

103.175.16.114:443

Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

a5976d1948376946db83e75c050bbbd8ee6debfe5b719fd9d433a6355edef209

MD5

529aa365cda65ab7bfc08d8d7b6dbfd8

Filesize

1MB

Score
10/10
SHA1

7ca701360a398ac3ff07b5c8923f2693e355b4ca

SHA256

a5976d1948376946db83e75c050bbbd8ee6debfe5b719fd9d433a6355edef209

SHA512

27c15dbfabf4395aaaaed9724e97cd10b773f1089505e1e16bedfcdd449761c2a75426fd8645dd86f4124fe966eec85a4aacd641eaa9ede9d3948c460650de90

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • Loads dropped DLL

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10