General

  • Target

    60DB5DE363585FCE685056CDE11796F4CADC79C861E39.exe

  • Size

    1MB

  • Sample

    220412-wct85aeder

  • MD5

    1323af5b087a2941e31817a98c035269

  • SHA1

    65e101144578c32a03614039e2e6b3c04900c98a

  • SHA256

    60db5de363585fce685056cde11796f4cadc79c861e39475ebd9bb2b9c6e8117

  • SHA512

    2b7172a93ebaf6cce4bcde08038dc8666c57d580724dc32e3e586483e345499ced915a76ddd435c7a3be858ea77a314033a30bf1bd6e57942cdab877290e81c1

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.236.161.79:443

192.236.146.39:443

37.220.31.27:443

Attributes
  • embedded_hash

    7FF0AA10AB3BA961670646D23EAE3911

  • type

    loader

  • rsa_pubkey.plain

  • rsa_privkey.plain
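The extracted configuration above is directly usable for detection and for verifying the sample itself. The Python below is an added example, not part of the sandbox report and not code from the Danabot sample: it matches the three C2 endpoints (IP and port, since the config pins 443) against Zeek conn.log lines that are constructed for the example and reduced to seven assumed columns (ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto), hashes arbitrary bytes against the reported digests, and checks that the submitted file name is consistent with the reported SHA256 (the name is the upper-cased, truncated digest plus ".exe").

```python
import hashlib

# IOCs copied from the extracted Danabot config and hashes on this page.
DANABOT_C2 = {
    ("192.236.161.79", 443),
    ("192.236.146.39", 443),
    ("37.220.31.27", 443),
}
SAMPLE_HASHES = {
    "md5": "1323af5b087a2941e31817a98c035269",
    "sha1": "65e101144578c32a03614039e2e6b3c04900c98a",
    "sha256": "60db5de363585fce685056cde11796f4cadc79c861e39475ebd9bb2b9c6e8117",
}
TARGET_NAME = "60DB5DE363585FCE685056CDE11796F4CADC79C861E39.exe"

# Constructed Zeek conn.log excerpt (tab separated, reduced to seven
# columns: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto).
# These lines are made up for the example; they are not from the report.
SAMPLE_CONN_LOG = (
    "1649764801.123\tCx1\t10.0.0.5\t51234\t192.236.161.79\t443\ttcp\n"
    "1649764802.456\tCx2\t10.0.0.5\t51235\t142.250.74.78\t443\ttcp\n"
    "1649764803.789\tCx3\t10.0.0.9\t51236\t37.220.31.27\t443\ttcp\n"
    "1649764804.000\tCx4\t10.0.0.9\t51237\t37.220.31.27\t8080\ttcp\n"
    "#close\t2022-04-12-12-00-04\n"
)


def parse_conn_line(line):
    """Return (uid, src, dst, dport) for one conn.log line, or None for
    Zeek header/footer lines (starting with '#'), blank or short lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split("\t")
    if len(fields) < 7:
        return None
    _ts, uid, src, _sport, dst, dport, _proto = fields[:7]
    try:
        return uid, src, dst, int(dport)
    except ValueError:
        return None


def find_c2_connections(log_text, c2=DANABOT_C2):
    """Connections whose responder (ip, port) is a configured Danabot C2.
    The port is part of the match: the config pins 443, so the same host
    on another port is worth a look but is not this indicator."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_conn_line(line)
        if parsed is None:
            continue
        uid, src, dst, dport = parsed
        if (dst, dport) in c2:
            hits.append({"uid": uid, "src": src, "dst": dst, "dport": dport})
    return hits


def hash_sample(data):
    """MD5, SHA1 and SHA256 hex digests of a byte string."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_known_sample(data, known=SAMPLE_HASHES):
    """Compare every digest against the report; the three should agree,
    and disagreement between algorithms points at a mistyped IOC."""
    digests = hash_sample(data)
    return {alg: digests[alg] == known[alg] for alg in known}


def target_name_matches_sha256(name, sha256=SAMPLE_HASHES["sha256"]):
    """The submitted file name is a truncated, upper-cased SHA256 plus
    '.exe'; confirm that prefix agrees with the reported digest."""
    stem = name.rsplit(".", 1)[0].lower()
    return bool(stem) and sha256.startswith(stem)


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("Danabot C2 contact:", hit)
    print("file name consistent with SHA256:",
          target_name_matches_sha256(TARGET_NAME))
```

On the constructed log the matcher flags Cx1 and Cx3 only; Cx4 reaches a listed host on 8080 and is deliberately left out so the analyst can decide whether to widen the rule to host-only matching.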

Targets


    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • suricata: ET MALWARE Danabot Key Exchange Request

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks