General

  • Target

    27fa51e57d4513601e36b0dc90332c86de7d31579db13c8b75f0152ab5fcaa2d

  • Size

    667KB

  • Sample

    220616-c6zwxsbcc5

  • MD5

    65e534d2434340f6c491dafbf6517d6c

  • SHA1

    e4807e55870dedc767eae94ba435eaf0a69bd489

  • SHA256

    27fa51e57d4513601e36b0dc90332c86de7d31579db13c8b75f0152ab5fcaa2d

  • SHA512

    ed4d2404cdd32bd3b746668a9790370972bf40c0cad5b3bb0ad34989c30e88bfeddf031afff004ef766dbe74a80da7f1d87b9cf70e1e5ae31186300411f825af

Malware Config

Extracted

Family

danabot

C2

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL
