General

  • Target

    463a84d5de81c240abaa3e223de328562870a5841ffec3c417fabdc230e9cfdd

  • Size

    1.3MB

  • Sample

    220924-pb4mvabca3

  • MD5

    8986b55a9017f804a34cb81d41772b23

  • SHA1

    3bcc5a3f9d421ab14852d3cd0c247ce60ec52e49

  • SHA256

    463a84d5de81c240abaa3e223de328562870a5841ffec3c417fabdc230e9cfdd

  • SHA512

    77310c1e7920fe7f559532747d7b352a1817dccc1ad87c6821cc3e60ae20b4edfad6ecc554dadf2411f2bc179db86805716757e32b7023690d83eeed4bce3d26

  • SSDEEP

    24576:mo0heEbF6o6P8jRTstbnwufzvg+KCCdUx+UEG8O8+odp0Lw5e4G0yJgxDl0QGm0e:z0Ul1sRkM0vgsqNo88w5/8IJZp

Score
10/10

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      463a84d5de81c240abaa3e223de328562870a5841ffec3c417fabdc230e9cfdd

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • System Information Discovery (T1082): 3

  • Query Registry (T1012): 2

  • Peripheral Device Discovery (T1120): 1

Tasks