Overview

overview

10

Static

static

10

72328a5684...b8.dll

windows7-x64

10

72328a5684...b8.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    72328a5684f0199fc2dc7e4e152de3c5e981c7a1c890996856f1ad1213b1b6b8

  • Size

    1.3MB

  • Sample

    231012-ntynwaga71

  • MD5

    8ff1243d444cca79e7b33fa1fa1d35bd

  • SHA1

    9fd3a528566d28fa42458ed8c0be94e536e44c99

  • SHA256

    72328a5684f0199fc2dc7e4e152de3c5e981c7a1c890996856f1ad1213b1b6b8

  • SHA512

    1fcbd08860542f8228dc836a5abe8bc4ce39fa90a9de32843f687d5541828fa9bdb9e5237461392df35070d3079438f96a110bccc3f6ea99cc10a4404599dd44

  • SSDEEP

    24576:e8pWEmpV0KhE9tAMM7+VS4b7wNeY2gAuUP1jlYT3:1DG4bqCu4aT

Score
10/10
danabot4bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.254.144.209:443

23.254.227.74:443

192.255.166.212:443
Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      72328a5684f0199fc2dc7e4e152de3c5e981c7a1c890996856f1ad1213b1b6b8

    • Size

      1.3MB

    • MD5

      8ff1243d444cca79e7b33fa1fa1d35bd

    • SHA1

      9fd3a528566d28fa42458ed8c0be94e536e44c99

    • SHA256

      72328a5684f0199fc2dc7e4e152de3c5e981c7a1c890996856f1ad1213b1b6b8

    • SHA512

      1fcbd08860542f8228dc836a5abe8bc4ce39fa90a9de32843f687d5541828fa9bdb9e5237461392df35070d3079438f96a110bccc3f6ea99cc10a4404599dd44

    • SSDEEP

      24576:e8pWEmpV0KhE9tAMM7+VS4b7wNeY2gAuUP1jlYT3:1DG4bqCu4aT

    Score
    10/10
    danabot4bankertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks