General

  • Target

    6f1e36db58e5e8d93e603b14650213cb

  • Size

    1.1MB

  • Sample

    231222-fq5n1sagf9

  • MD5

    6f1e36db58e5e8d93e603b14650213cb

  • SHA1

    10c0bce28aa9f6432a791371a8846eca6668c0d4

  • SHA256

    605867494cfcc8d0cb554554d7e15c5039fe51dffc19ebd6cc40cfa86dd10503

  • SHA512

    348088575c58a402875468e539b733a0c2c91777c45e4c89aab2da3242dea9d71674f01d964ba8c12a31c35c0ab68a22023af71766f09a5e8e317970b9236021

  • SSDEEP

    24576:75/eUH4mF9gckzX62BbOQM07xT5gJv9l8nAC/NtfdS7/O:cUH4Cg5jvBHM07zgJvRSldSy

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      6f1e36db58e5e8d93e603b14650213cb

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
