General

  • Target

    Faktura.PDF.exe

  • Size

    3.2MB

  • Sample

    221017-qmyreacagr

  • MD5

    5da162eebc4d19470d96c9138eef7c1b

  • SHA1

    674fae4a60d3040bf962c8ff0af5bd14bcb9ed9e

  • SHA256

    3c825d5a2cc6da2b923f3bba6ba850295e0e23ca8ddad1f716d859d585c225e6

  • SHA512

    08efaea6cc218b873b23727ca6f72f06460dc5b1d3ab6af2a551f5ce6d3ea796a10112c1ab88c8e82744b614b778b239eef7ed1b3805f14c9a3a96844b3535e8

  • SSDEEP

    98304:tjeA5Hw2+x3MOITGA2ZgtMvhjvsSk3SU7iio:heA5H9AIythjvm3lo

Malware Config

Extracted

Family

danabot

C2

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL
