General

  • Target

    149c138dda003d584cd2a7e55e0cb17a41de38232a65ba301a82e445916d33bf

  • Size

    197KB

  • Sample

    220925-ee9cdseder

  • MD5

    d49fb57fa2a6edcc4c9e71c36e343cdf

  • SHA1

    47fc8cd554918dfb9bd6b943a9b6d93d6e99775d

  • SHA256

    149c138dda003d584cd2a7e55e0cb17a41de38232a65ba301a82e445916d33bf

  • SHA512

    946067853a3f3f4685353126a7fc7f9322a5cc9250011998cca36dfb373cca78139a5ab645b27ca2d426a9b231ef3dd13af1177b855409a640a6e2b7bad36b54

  • SSDEEP

    3072:1dKMELf455RN5F0nOV3pqOclXC3qEoJxBrerL/PkkXx:6LC5onOYOclXSoJHs

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      149c138dda003d584cd2a7e55e0cb17a41de38232a65ba301a82e445916d33bf

    • Size

      197KB

    • MD5

      d49fb57fa2a6edcc4c9e71c36e343cdf

    • SHA1

      47fc8cd554918dfb9bd6b943a9b6d93d6e99775d

    • SHA256

      149c138dda003d584cd2a7e55e0cb17a41de38232a65ba301a82e445916d33bf

    • SHA512

      946067853a3f3f4685353126a7fc7f9322a5cc9250011998cca36dfb373cca78139a5ab645b27ca2d426a9b231ef3dd13af1177b855409a640a6e2b7bad36b54

    • SSDEEP

      3072:1dKMELf455RN5F0nOV3pqOclXC3qEoJxBrerL/PkkXx:6LC5onOYOclXSoJHs

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Tasks