General

  • Target

    49a10dfdf925ade68af1b86b61758e1f74570924daee46eb58fe2e3599967a12

  • Size

    196KB

  • Sample

    220924-qtacdsbcf6

  • MD5

    7c3ebcfe5e8a01457bd38ddb740f9e85

  • SHA1

    d41b0b47e27043ee663459a22aa5422e912c442d

  • SHA256

    49a10dfdf925ade68af1b86b61758e1f74570924daee46eb58fe2e3599967a12

  • SHA512

    51119ea4a9ac504175d38b1e4eb2c24879c54680540741ca9cf8085d26141fe5a751f61ccaec7b4f0efec2d50e41a2bdf9f2ebb4c46160193311131cb8b325b1

  • SSDEEP

    3072:SAxNLYVEATb5YJnrU2Ti9A6NFqsf4PBeLVUmAgxA/Pka4x:zLXAmlT0x54Yb9

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      49a10dfdf925ade68af1b86b61758e1f74570924daee46eb58fe2e3599967a12

    • Size

      196KB

    • MD5

      7c3ebcfe5e8a01457bd38ddb740f9e85

    • SHA1

      d41b0b47e27043ee663459a22aa5422e912c442d

    • SHA256

      49a10dfdf925ade68af1b86b61758e1f74570924daee46eb58fe2e3599967a12

    • SHA512

      51119ea4a9ac504175d38b1e4eb2c24879c54680540741ca9cf8085d26141fe5a751f61ccaec7b4f0efec2d50e41a2bdf9f2ebb4c46160193311131cb8b325b1

    • SSDEEP

      3072:SAxNLYVEATb5YJnrU2Ti9A6NFqsf4PBeLVUmAgxA/Pka4x:zLXAmlT0x54Yb9

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks