General

  • Target

    1c52aed4df30df05a45966183eeef3c2

  • Size

    1010KB

  • Sample

    231225-allsfsaaar

  • MD5

    1c52aed4df30df05a45966183eeef3c2

  • SHA1

    11f350112bdd668b11b2fb3849ef2b0c7c020bb4

  • SHA256

    152265b11b39688bfa5dd656dddacf87c01515f70f62aeb3b1406138a77986d5

  • SHA512

    7c30a710cdf9e7f7043b1e4a8a9c1af9e2c70570dd428691451f908b0f81f2f4c3c71f691a2174ba339b1b713baa3ace3f65820402a91225387923f848665ab6

  • SSDEEP

    24576:Tq/spU59DWkSn/enEYnXnEdI8UkY621c+9ytgYrToZmYyWa8CX:TqN9ahn/0EYnKI84621fq/AcYHg

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

15

C2

192.52.166.169:443

173.254.204.95:443

192.52.167.45:443

Attributes
  • embedded_hash

    D6A9A294BFDC6F13BFCC2AB0FA9B54B9

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      1c52aed4df30df05a45966183eeef3c2

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
