General

  • Target

    013ed964d37e80ee700dd98ba83bc25692ee92b4895b92eed17c4ef5359432f8

  • Size

    955KB

  • Sample

    220226-lwnwcabfep

  • MD5

    13694c1e016d5a35d902070111f63d18

  • SHA1

    8a7de1581df4a927a1b5144af9d590750649aa2c

  • SHA256

    013ed964d37e80ee700dd98ba83bc25692ee92b4895b92eed17c4ef5359432f8

  • SHA512

    5ddc6f8a61d0879a337f6eb751cfdf8965ba6efcc59abb1fe84f5a304588e0738be214c76dbf6d565d72ec00b8ae398c62f1492a66510926d452c1eca16e6b89

Malware Config

Extracted

Family

danabot

C2

5.61.58.130

2.56.213.39

2.56.212.4

5.61.56.192

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

  • Discovery

    • Query Registry (T1012): 2

    • System Information Discovery (T1082): 2

Tasks