General

  • Target

    61f61d7ad3563534fc09d6ce6db5793b7dbd3ebf1d921081d13820fc8ff5e3e8

  • Size

    213KB

  • Sample

    221217-3rsgeaaa88

  • MD5

    90c2bb46cc2d35dff7359c2557a1f7ee

  • SHA1

    541cf986081749579f643bdf52d80dd0343dc767

  • SHA256

    61f61d7ad3563534fc09d6ce6db5793b7dbd3ebf1d921081d13820fc8ff5e3e8

  • SHA512

    9704a65f01bdb277588cf0fed0d89af03f0dfd65714ff842e048c0689549acf7143389960c694473220d43854e8cc2e9b8c02b4f7559e604d30a2e4112fd1830

  • SSDEEP

    3072:So4e8yL7+dBwRIvGgwYRwxMs+XolzMcPKfvA8/g3xoihCfrTG3ERWR3Le:V47yLCd91PCMro5Mqeg3CihgryU0V6

Score
10/10

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes
  • embedded_hash

    8F56CD73F6B5CD5D7B17B0BA61E70A82

  • type

    loader
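The extracted C2 list above only becomes useful once it is turned into something that runs over telemetry. The script below is an added example, not part of the sandbox report or of any vendor tooling: it matches the three report-listed endpoints against a Zeek-style conn.log excerpt and emits Suricata rules for them. The log lines are constructed for illustration, and the `$HOME_NET` variable and the local SID range starting at 9000001 are assumptions about the deployment, not anything the report states.

```python
"""Turn the DanaBot loader C2 list from the report above into detection content.

Added example, not part of the original sandbox report or of any vendor tooling.
The three C2 endpoints are the ones the report lists; the Zeek-style conn.log
excerpt, $HOME_NET and the SID range are assumptions made for illustration.
"""
import ipaddress
from typing import Dict, Iterator, List, Tuple

# (ip, port) pairs taken from the report's extracted config.
C2_ENDPOINTS = frozenset({
    ("23.236.181.126", 443),
    ("123.253.35.251", 443),
    ("66.85.173.3", 443),
})

# Constructed Zeek conn.log excerpt (tab-separated, '#fields' header).
# Ca4 reaches a listed IP on a non-listed port to show why the port matters.
SAMPLE_CONN_LOG = (
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n"
    "1671300000.1\tCa1\t10.0.0.5\t51000\t142.250.1.1\t443\ttcp\tssl\n"
    "1671300001.2\tCa2\t10.0.0.5\t51001\t23.236.181.126\t443\ttcp\t-\n"
    "1671300002.3\tCa3\t10.0.0.7\t51002\t66.85.173.3\t443\ttcp\t-\n"
    "1671300003.4\tCa4\t10.0.0.9\t51003\t66.85.173.3\t8080\ttcp\t-\n"
)


def parse_conn_log(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per record, keyed by the names in the '#fields' header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            continue
        if not line or line.startswith("#"):
            continue
        if fields is None:
            raise ValueError("conn.log record seen before a #fields header")
        yield dict(zip(fields, line.split("\t")))


def find_c2_connections(text: str, endpoints=C2_ENDPOINTS,
                        require_port: bool = True) -> List[Tuple[str, str, str, int]]:
    """Return (uid, orig_h, resp_h, resp_p) for every record whose responder
    matches a listed C2. With require_port=False any port to a listed IP counts."""
    hits = []
    for rec in parse_conn_log(text):
        try:
            resp_h = str(ipaddress.ip_address(rec["id.resp_h"]))  # rejects hostnames/garbage
            resp_p = int(rec["id.resp_p"])
        except (KeyError, ValueError):
            continue  # malformed record: skip rather than crash the sweep
        for ip, port in endpoints:
            if resp_h == ip and (not require_port or resp_p == port):
                hits.append((rec["uid"], rec["id.orig_h"], resp_h, resp_p))
                break
    return hits


def suricata_rules(endpoints=C2_ENDPOINTS, base_sid: int = 9000001) -> List[str]:
    """One outbound-TCP alert per C2 endpoint. The SID range is an assumption;
    pick one reserved for local rules in your deployment."""
    rules = []
    for i, (ip, port) in enumerate(sorted(endpoints)):
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} '
            f'(msg:"DanaBot loader C2 {ip}:{port}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{base_sid + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    for hit in find_c2_connections(SAMPLE_CONN_LOG):
        print("C2 contact:", hit)
    print("\n".join(suricata_rules()))
```

The matcher deliberately ignores the `service` column: the report gives ports, not a protocol, so it does not assume the traffic on 443 is TLS that Zeek would label `ssl`. Config-extracted C2 addresses are also a snapshot of the sample at analysis time; the IPs can be rotated or reassigned, so treat a hit as a lead to pivot on (the `uid`, the originating host, what ran there) rather than as proof of infection on its own.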

Targets

    • Target

      61f61d7ad3563534fc09d6ce6db5793b7dbd3ebf1d921081d13820fc8ff5e3e8

    • Danabot

      DanaBot is a modular banking Trojan sold as malware-as-a-service and distributed alongside other malware families. This sample is its loader component (see the `type` attribute in the extracted config), which contacts the listed C2 servers to fetch the main module and its plugins.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext (typically the final step of process hollowing: the main thread of a suspended process is redirected into injected code)

MITRE ATT&CK Enterprise v6

Tasks