General

  • Target

    01911c2c5d240bf99089ba1296288140439fb0a35c3a468e2d119a4f94a76d4d

  • Size

    197KB

  • Sample

    220924-3mjnpsdgap

  • MD5

    566b85711405814185f3395067c9c256

  • SHA1

    48df247f7237ffc1f672a6370667a57bc78705a0

  • SHA256

    01911c2c5d240bf99089ba1296288140439fb0a35c3a468e2d119a4f94a76d4d

  • SHA512

    f66fc8094d220610211394169fee2cf836e666c43720419d23a0ffd2f683d5f8cf3985a938ae59b2d7276ba707bd07f1cf88012e083fe396a2cabc05fc2cc6c8

  • SSDEEP

    3072:Y3H6RLBM8naN5Nf5RzVM4Hl8FIpWxqVnfXKB/PBwc/PkkXx:5LRnEfHVM08FI0oXs

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      01911c2c5d240bf99089ba1296288140439fb0a35c3a468e2d119a4f94a76d4d

    • Size

      197KB

    • MD5

      566b85711405814185f3395067c9c256

    • SHA1

      48df247f7237ffc1f672a6370667a57bc78705a0

    • SHA256

      01911c2c5d240bf99089ba1296288140439fb0a35c3a468e2d119a4f94a76d4d

    • SHA512

      f66fc8094d220610211394169fee2cf836e666c43720419d23a0ffd2f683d5f8cf3985a938ae59b2d7276ba707bd07f1cf88012e083fe396a2cabc05fc2cc6c8

    • SSDEEP

      3072:Y3H6RLBM8naN5Nf5RzVM4Hl8FIpWxqVnfXKB/PBwc/PkkXx:5LRnEfHVM08FI0oXs

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks