General

  • Target

    3cc7971bfd563bc45ae27b1d077990952827b3ff9833015bc3b5e675a7699296

  • Size

    687KB

  • Sample

    220703-f2a9jsgefr

  • MD5

    6dac1a3ff16b78e26bb59ada70f01af6

  • SHA1

    9a735d323fc9a90061e2be03ca7b2fe859765685

  • SHA256

    3cc7971bfd563bc45ae27b1d077990952827b3ff9833015bc3b5e675a7699296

  • SHA512

    f977a1d4cad0a3230667d93f5a8662a1df093b3627764ad5e998fa2b02edeae6a1e20d99813076b2da05f15a11b2f538c3c82502cddd6bc190c1c28445635f16

Malware Config

Extracted

Family

danabot

C2

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL
