General

  • Target

    287a774c47ad434a2280b76c9d7c2c89390ea2d69f2ae944909716ba6111c619

  • Size

    1.3MB

  • Sample

    220924-nzpyxscegk

  • MD5

    1dbaa0102ec2dbb7a37bdd3e62e60d9b

  • SHA1

    ddc45fcb829e05d8d137b82c64c1a13134b91198

  • SHA256

    287a774c47ad434a2280b76c9d7c2c89390ea2d69f2ae944909716ba6111c619

  • SHA512

    e2e06155bd568f4e74499ab1d4e4559d352051103d49fdb024b8f428cc2266a68d4b57f0209cff40951326275ba8472711699d4fd900cb10831d0b5098820dd7

  • SSDEEP

    24576:1Y1pv/Yj7KetYD7NO++w+HYnA8F7U/Tie/JgdhcpHh1acTQ:Gpv/8Wet0N2WFUTi2JPhtTQ

Score
10/10

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader
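
The extracted config above gives four C2 endpoints and a family name. Below is an added example (not part of the Triage report or any DanaBot tooling) that turns that config into a Suricata rule set and runs an IP:port match over constructed Zeek conn.log-style lines. The log lines and the SID range 9000000+ are hypothetical; the C2 list is copied from the report as-is.

```python
"""Added example: DanaBot C2 config -> Suricata rules + conn.log matching.

Assumptions (hypothetical, not from the report): a tab-separated Zeek-style
conn.log export with the columns listed below, and a local SID range 9000000+.
"""
import ipaddress

# C2 endpoints exactly as extracted in the report (IP:port).
DANABOT_C2 = [
    "198.15.112.179:443",
    "185.62.56.245:443",
    "153.92.223.225:443",
    "192.119.70.159:443",
]


def parse_c2(entries):
    """Return a set of (ip, port) tuples; reject anything that is not an IP."""
    out = set()
    for entry in entries:
        ip, _, port = entry.rpartition(":")
        ipaddress.ip_address(ip)  # raises ValueError on malformed input
        out.add((ip, int(port)))
    return out


def suricata_rules(c2, family="danabot", base_sid=9000000):
    """Emit one Suricata/Snort rule per C2 endpoint, sorted for stable SIDs.
    base_sid is a hypothetical local allocation; adjust to your own range."""
    rules = []
    for i, (ip, port) in enumerate(sorted(c2)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"MALWARE {family} C2 connection {ip}:{port}"; '
            f'flow:to_server; classtype:trojan-activity; '
            f'sid:{base_sid + i}; rev:1;)'
        )
    return rules


# Constructed sample: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto.
# Line 3 deliberately hits a C2 IP on a port the report does not attest to.
SAMPLE_CONN_LOG = """\
1663946400.1\tCabc1\t10.0.0.5\t49712\t198.15.112.179\t443\ttcp
1663946401.2\tCabc2\t10.0.0.5\t49713\t142.250.74.78\t443\ttcp
1663946402.3\tCabc3\t10.0.0.7\t49800\t185.62.56.245\t8080\ttcp
1663946403.4\tCabc4\t10.0.0.9\t49901\t192.119.70.159\t443\ttcp
"""


def match_conn_log(log_text, c2):
    """Return one alert per flow whose responder is a known C2.

    An exact (ip, port) hit is reported as 'ip+port'. A hit on the IP alone
    is reported separately as 'ip-only' rather than silently dropped, so an
    analyst can decide whether to widen the rule beyond the reported port.
    """
    alerts = []
    c2_ips = {ip for ip, _ in c2}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = line.split("\t")
        dst = f"{resp_h}:{resp_p}"
        if (resp_h, int(resp_p)) in c2:
            alerts.append({"uid": uid, "src": orig_h, "dst": dst, "match": "ip+port"})
        elif resp_h in c2_ips:
            alerts.append({"uid": uid, "src": orig_h, "dst": dst, "match": "ip-only"})
    return alerts


if __name__ == "__main__":
    endpoints = parse_c2(DANABOT_C2)
    for rule in suricata_rules(endpoints):
        print(rule)
    for alert in match_conn_log(SAMPLE_CONN_LOG, endpoints):
        print(alert)
```

Extracted C2 addresses age quickly; treat them as a retrospective hunt over existing flow logs rather than a durable control, and pair them with the file hashes in the General section for host-side matching.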

Targets

    • Target

      287a774c47ad434a2280b76c9d7c2c89390ea2d69f2ae944909716ba6111c619
    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan written in Delphi; it has been observed alongside other malware families, both delivered by them and used to deliver them.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext (a common primitive for redirecting execution in an injected or hollowed process, consistent with the loader type reported in the extracted config)

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery (technique, ID: count)

  • System Information Discovery, T1082: 3

  • Query Registry, T1012: 2

  • Peripheral Device Discovery, T1120: 1

Tasks