General

  • Target

    0f704beb78bb5da40f12572c29b885af22ed193a817bda5dbe719f789368d761

  • Size

    984KB

  • Sample

    220604-s19ryahdhp

  • MD5

    3bb1e9010d67b1d44939133cfee29f89

  • SHA1

    fcafdfe8b8a52e819d4f04de067e84da754e4285

  • SHA256

    0f704beb78bb5da40f12572c29b885af22ed193a817bda5dbe719f789368d761

  • SHA512

    346d980e05e30021d2cd2a7fbe0ea73d0420b867e86a69788cd8157cbb01d14c74c4614434b6adc74da50e24c15044afc99207a3143b38c9e934188d9fb456ac

Malware Config

Extracted

Family

danabot

C2

5.61.58.130

2.56.213.39

2.56.212.4

5.61.56.192

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL
