General

  • Target

    899218b1a6a12eee77a86bfa39d7f36aab60feda522b6281108abc30ac967492

  • Size

    199KB

  • Sample

    220924-hw8nzaafg6

  • MD5

    7452179254975ddad84b4ebb4d04fc72

  • SHA1

    08d958ec370fd1885820490b7ade5ec504fe6957

  • SHA256

    899218b1a6a12eee77a86bfa39d7f36aab60feda522b6281108abc30ac967492

  • SHA512

    c3403a3c22ee1cc6ecbc634c5c209a1c0428a074ffe88a2f79a63049297719d565f391255d7843f05ec2c2c14afa80a393f0c67c7443b1c33cb625efedcffd0c

  • SSDEEP

    3072:Ow0Xtb6cILSNv/vn85RopUPEH0sbCKeljFmILUewSBrSVevUBlFF/Pkk4x:OLJILCvgopUPw0sbCKYjIFe9ruz

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      899218b1a6a12eee77a86bfa39d7f36aab60feda522b6281108abc30ac967492

    • Size

      199KB

    • MD5

      7452179254975ddad84b4ebb4d04fc72

    • SHA1

      08d958ec370fd1885820490b7ade5ec504fe6957

    • SHA256

      899218b1a6a12eee77a86bfa39d7f36aab60feda522b6281108abc30ac967492

    • SHA512

      c3403a3c22ee1cc6ecbc634c5c209a1c0428a074ffe88a2f79a63049297719d565f391255d7843f05ec2c2c14afa80a393f0c67c7443b1c33cb625efedcffd0c

    • SSDEEP

      3072:Ow0Xtb6cILSNv/vn85RopUPEH0sbCKeljFmILUewSBrSVevUBlFF/Pkk4x:OLJILCvgopUPw0sbCKYjIFe9ruz

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks