General

  • Target

    cbeaf4b12d6ee7771977a0d287da80ed0d7861b68ba44664aa9e4c27d11c79ce

  • Size

    983KB

  • Sample

    220226-hbpqcshfg7

  • MD5

    682ed3fab2effb467675bcdf30eb7bb9

  • SHA1

    92bc282abd71583093184d844020f367ce49030a

  • SHA256

    cbeaf4b12d6ee7771977a0d287da80ed0d7861b68ba44664aa9e4c27d11c79ce

  • SHA512

    d13ec8cb854978cb4993184e9b4f6bfcf81ec8000018c3c76e0fbc7df8b352e311838a2c883169d64488ab048ba8d7a83da17b6f470884d8d5a98bd23c45259a

Malware Config

Extracted

Family

danabot

C2

5.61.58.130

2.56.213.39

2.56.212.4

5.61.56.192

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks