General

  • Target

    69e0603bc5aabcf9ed60c2ed34e96b5464fc13c89585fb7478aa053aed3f0138

  • Size

    948KB

  • Sample

    220205-r299escfbk

  • MD5

    fc6c2250c3b97d7f45aa288929a015b6

  • SHA1

    d5c2168845918ec63056ded0664d5b3a4891b14b

  • SHA256

    69e0603bc5aabcf9ed60c2ed34e96b5464fc13c89585fb7478aa053aed3f0138

  • SHA512

    bfaa967390210bd0cc6c0e97cac369bc7519bc540e71e39ed2bf6da87da8d8d2508c697dcb471756cb1e8e4df2e4eafafd5705d493968d11a67827a7dbbb25be

Malware Config

Extracted

Family

danabot

C2

5.61.58.130

2.56.213.39

2.56.212.4

5.61.56.192

rsa_pubkey.plain

Targets

    • Target

      69e0603bc5aabcf9ed60c2ed34e96b5464fc13c89585fb7478aa053aed3f0138

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks