General

  • Target

    6DECC0A786C251A804555CD2B51AEFA1928745CAC1093.exe

  • Size

    1.4MB

  • Sample

    220618-asbwtsgcf3

  • MD5

    7c055d31ed3d8770f6468bb20772ef41

  • SHA1

    b5ff8d245d5cb3e85a8ab9d861c55a03a5f3ff7e

  • SHA256

    6decc0a786c251a804555cd2b51aefa1928745cac10933cbb830d19115904b60

  • SHA512

    d97184e6f79955bad2def8f67be6d0418a40ba4f4dd31f96c3bcb0d423b136e4acd892b6d5e1ee5036f102ec13d69ef60cf58b3f6a4e4b420c632b820490a123

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.206.50:443

192.236.161.79:443

192.236.146.39:443

37.220.31.27:443

Attributes
  • embedded_hash

    7FF0AA10AB3BA961670646D23EAE3911

  • type

    loader

Targets

    • Target

      6DECC0A786C251A804555CD2B51AEFA1928745CAC1093.exe

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • suricata: ET MALWARE Danabot Key Exchange Request

    • Blocklisted process makes network request

    • Loads dropped DLL
