General

  • Target

    983b74d46d5c17c816ab21e5043d0d76e86e808fdc121b0baaa58d35e282aa28

  • Size

    1.3MB

  • Sample

    220924-m9wc1scecp

  • MD5

    c09adf9b91dfc356bf2c7e48e6b670ea

  • SHA1

    48f3f7ad868ac81c4ee188e572125cb31c426c10

  • SHA256

    983b74d46d5c17c816ab21e5043d0d76e86e808fdc121b0baaa58d35e282aa28

  • SHA512

    5aa74cc32d70780eb3b7a7d3dbe81c3e43f3c60136275438f5492d6102c0743ff8ffc917f5b9724b4795682b32205455d055e9818f9a302fac1110c0c46c6f21

  • SSDEEP

    24576:lltE2Qr8Wqu0xANMANq4zcvuEb8ozvwK3wpfpyAQOFPqm4wMZjmXfPGE:pQ4WrMAQlGKiMU6Rm2

Score
10/10

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      983b74d46d5c17c816ab21e5043d0d76e86e808fdc121b0baaa58d35e282aa28

    • Size

      1.3MB

    • MD5

      c09adf9b91dfc356bf2c7e48e6b670ea

    • SHA1

      48f3f7ad868ac81c4ee188e572125cb31c426c10

    • SHA256

      983b74d46d5c17c816ab21e5043d0d76e86e808fdc121b0baaa58d35e282aa28

    • SHA512

      5aa74cc32d70780eb3b7a7d3dbe81c3e43f3c60136275438f5492d6102c0743ff8ffc917f5b9724b4795682b32205455d055e9818f9a302fac1110c0c46c6f21

    • SSDEEP

      24576:lltE2Qr8Wqu0xANMANq4zcvuEb8ozvwK3wpfpyAQOFPqm4wMZjmXfPGE:pQ4WrMAQlGKiMU6Rm2

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

Tasks