Overview

overview

10

Static

static

7827_99_83872.vbs

windows7_x64

10

7827_99_83872.vbs

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    244b5656b4f18ed296ce284cce8dfb7f3c580a46ead28f946a69adcd4c7e997c

  • Size

    309KB

  • Sample

    220502-3c4acseehq

  • MD5

    6d95ab2b8de3907593197889a75aabba

  • SHA1

    dff3ba1c1c9d85a6eda88250eed168eb1c333214

  • SHA256

    244b5656b4f18ed296ce284cce8dfb7f3c580a46ead28f946a69adcd4c7e997c

  • SHA512

    da7c1a7c55e856cdfd21cd88567c8e6bfa6d4dd9b34b2a9b4d473d3084813ee23f055bd4510815247258b1c3e413882da7c941c99180616794da44cf3f181f82

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

1.5.78.29

71.61.197.13

128.43.39.106

68.164.114.181

243.7.235.34

185.92.222.238

192.71.249.51

42.180.72.123

159.159.89.172

135.231.151.187
rsa_pubkey.plain

Targets

    • Target

      7827_99_83872.vbs

    • Size

      1.4MB

    • MD5

      c9510672ebc4fc0795a731a02d89fcc6

    • SHA1

      1c7d106778171f2e0b54a0db69cbe5364e8f6fd5

    • SHA256

      cb0a6515ebf78cceb86464ac829ea872eea726aa7b8e34b8b43e1f7f36791711

    • SHA512

      8dee2bdad143a339074faf05a824983d722bd6b30cc9f9a4b8632ec277d87ee5edee77ec6d5713946681795165c105b570b6621313884e6eb7b1ac7d46dc7c33

    Score
    10/10
    danabotbankerbotnettrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks