General

  • Target

    11e11143ef5713077396f32f3fafd109

  • Size

    1.2MB

  • Sample

    231224-zlcxzscear

  • MD5

    11e11143ef5713077396f32f3fafd109

  • SHA1

    d2d8950d848129ab460439d3e4a0615f5f2d10c3

  • SHA256

    0d6b46f8c96f69555ad79d7fdfd91c2eb24e3baa5b89dea1b3a024f28cb40be7

  • SHA512

    92afb5046efb98ea7d930132481226eb8ad6250b363d670450c0e972e1253a59d958df7a4fffb99d20017bae4246b5a86fa03bf9865a2da155e1d03e9bbb3fc9

  • SSDEEP

    24576:NLmxtn8xbSdKS1c6x62DAHzisGqQLlrwAta5Hsr8Ft5M6:Nw8xbEdx6sH9LlUAtaRnn

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
