General

  • Target

    8ec188a34196eadd33a1353bd5cf70b95b7e4a28fde56ba48c5dd00fe5a57499

  • Size

    196KB

  • Sample

    220924-mq1tdsbbc3

  • MD5

    c1bbd6b74c11938202298ec36a11320c

  • SHA1

    5d36b44543d4663bf61ff65979f9e0a7e7e31323

  • SHA256

    8ec188a34196eadd33a1353bd5cf70b95b7e4a28fde56ba48c5dd00fe5a57499

  • SHA512

    b7c122c03baa63317e1d7c536dc7149af604d5a359bea703f479c60ae48909e3cba74618592411e601b3d7ccdee90e24454750b5b4fa0a0389fef23a32b7183a

  • SSDEEP

    3072:CZAZLrgL5i685euyrgxSUTg8++jh54qBz5powy3/Pka4x:rL45iLe+vTguFD

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      8ec188a34196eadd33a1353bd5cf70b95b7e4a28fde56ba48c5dd00fe5a57499

    • Size

      196KB

    • MD5

      c1bbd6b74c11938202298ec36a11320c

    • SHA1

      5d36b44543d4663bf61ff65979f9e0a7e7e31323

    • SHA256

      8ec188a34196eadd33a1353bd5cf70b95b7e4a28fde56ba48c5dd00fe5a57499

    • SHA512

      b7c122c03baa63317e1d7c536dc7149af604d5a359bea703f479c60ae48909e3cba74618592411e601b3d7ccdee90e24454750b5b4fa0a0389fef23a32b7183a

    • SSDEEP

      3072:CZAZLrgL5i685euyrgxSUTg8++jh54qBz5powy3/Pka4x:rL45iLe+vTguFD

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks