General

  • Target

    0587a54f701741fcfa8e4ea39cd64153ed89643b7f5cf75ceb293819d229a6b4

  • Size

    2.3MB

  • Sample

    220527-v74klsagam

  • MD5

    68e1fcff2954b0003be5892af06756b7

  • SHA1

    78dc87a77f5a5b52469df964172d4590adaef142

  • SHA256

    0587a54f701741fcfa8e4ea39cd64153ed89643b7f5cf75ceb293819d229a6b4

  • SHA512

    da67f3d8671fd0911f75fb8cb69b05e662174ffd84d9e6155d855d08b8df17c0d384841604e953e1ae54bd8564c0cb9976e569e118497d8db46eae1e4b634b0e

Malware Config

Extracted

Family

danabot

C2

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL
