General

  • Target

    706c57c485b12abc4cd69773bc3bc89677e7c6c9485b5803ae1ea9af6f88c255

  • Size

    1.3MB

  • Sample

    221027-p83f2scccr

  • MD5

    36b6d1674f28bc6658982d4f2212ed45

  • SHA1

    62c4a0a1c42675e56e6b6b5e00d5d034bc31f4c0

  • SHA256

    706c57c485b12abc4cd69773bc3bc89677e7c6c9485b5803ae1ea9af6f88c255

  • SHA512

    e8b72e40bbfa42449eb3eacddc7000a14d0de031a5a70cca70daff621bc6e44be3c34a6375a653481aee7fe5217eb18144d1f8be513ad6d76aa3b4defec12ff8

  • SSDEEP

    24576:6TC2xrBBF6j9vWBHtokh02TmIkVqBHBUBFV25q9SRW4SdpgzpZMWz/b7/:6TC2Bej9vWHnh0BIkSHat2092XUgzdzf

Score
10/10

Malware Config

Extracted

Family

danabot

C2

172.86.120.215:443

213.227.155.103:443

103.187.26.147:443

172.86.120.138:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes
  • embedded_hash

    BBBB0DB8CB7E6D152424535822E445A7

  • type

    loader

Targets

    • Target

      706c57c485b12abc4cd69773bc3bc89677e7c6c9485b5803ae1ea9af6f88c255

    • Size

      1.3MB

    • MD5

      36b6d1674f28bc6658982d4f2212ed45

    • SHA1

      62c4a0a1c42675e56e6b6b5e00d5d034bc31f4c0

    • SHA256

      706c57c485b12abc4cd69773bc3bc89677e7c6c9485b5803ae1ea9af6f88c255

    • SHA512

      e8b72e40bbfa42449eb3eacddc7000a14d0de031a5a70cca70daff621bc6e44be3c34a6375a653481aee7fe5217eb18144d1f8be513ad6d76aa3b4defec12ff8

    • SSDEEP

      24576:6TC2xrBBF6j9vWBHtokh02TmIkVqBHBUBFV25q9SRW4SdpgzpZMWz/b7/:6TC2Bej9vWHnh0BIkSHat2092XUgzdzf

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

Tasks