General

  • Target

    645d820df78b809ea6f9db0fb00a6734c0a5390e9c6249f6b1797be58acef305

  • Size

    214KB

  • Sample

    221218-bhme9adb7x

  • MD5

    922b9a4390c8b65eae2ff7e691cc12ff

  • SHA1

    3690448b9f98de18d5cb7df4ebce934438502ce5

  • SHA256

    645d820df78b809ea6f9db0fb00a6734c0a5390e9c6249f6b1797be58acef305

  • SHA512

    0409b5956e5cd9b2b89842689589b1d329df099dabc323256484fe8423c37210a855d97500c6defcd59fdf765d26208a61df8584b13bb1ebe9c9a0bb7dafd3d0

  • SSDEEP

    3072:eL5tzrLOowReN+5JTmWs8E9L6GSKr8RU7J8/g3xopbL7smG3ERWR3LV:+5trLOmm5E9L688mCg3CtLmU0VB

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes
  • embedded_hash

    8F56CD73F6B5CD5D7B17B0BA61E70A82

  • type

    loader

Targets

    • Target

      645d820df78b809ea6f9db0fb00a6734c0a5390e9c6249f6b1797be58acef305

    • Size

      214KB

    • MD5

      922b9a4390c8b65eae2ff7e691cc12ff

    • SHA1

      3690448b9f98de18d5cb7df4ebce934438502ce5

    • SHA256

      645d820df78b809ea6f9db0fb00a6734c0a5390e9c6249f6b1797be58acef305

    • SHA512

      0409b5956e5cd9b2b89842689589b1d329df099dabc323256484fe8423c37210a855d97500c6defcd59fdf765d26208a61df8584b13bb1ebe9c9a0bb7dafd3d0

    • SSDEEP

      3072:eL5tzrLOowReN+5JTmWs8E9L6GSKr8RU7J8/g3xopbL7smG3ERWR3LV:+5trLOmm5E9L688mCg3CtLmU0VB

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks