General

  • Target

    72fa468dd1c931ad5eafd8423d76639d.bin.exe

  • Size

    948KB

  • Sample

    221130-lfd17sbd2v

  • MD5

    72fa468dd1c931ad5eafd8423d76639d

  • SHA1

    db9de9890ac62eb8896133ab1dde66d01b3cee2d

  • SHA256

    9a4e68d142593c0b68ce959f4c34bbdf477d67096eaa6db92b1577270e63c122

  • SHA512

    bc3ec5c56f6253b1842e838067250aa1c3efc6ff58d1fadf1b1cd53d488fe5e11a426abc64dfc537915cd62da07f4a3e08bb31a6682eb5d2987b46ba82a34a2a

  • SSDEEP

    24576:2PwCztr2dnOG8d3bS4ID4TpwkzXCD4D2ofZskmgPr:dCzIhWpIvkLCD2f1mgP

Malware Config

Extracted

Family

danabot

C2

5.61.58.130

2.56.213.39

5.61.56.192

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL
