General

  • Target

    1d9c295bd720d115cf5014062cead85f

  • Size

    1.3MB

  • Sample

    231230-1qcy8afebl

  • MD5

    1d9c295bd720d115cf5014062cead85f

  • SHA1

    75911c80bf05726b9839c4960edcba991c1f808b

  • SHA256

    80cac6571f27397cc060b9ef194f628ead0bd48a7d6ca4e10151cd5ece2fe01a

  • SHA512

    9d6e9ce11bfb14f50b2d3316744b481acbaf3fb1b3f90921d1d241677c1f5570a99c2995beaf4ceca173a7373fe35407ed7e41f05a37e2e187ed17ef9c46cbc0

  • SSDEEP

    24576:v8pWEmtUfTlLy86wg8NQ9KrYhidLcR/Nr8A2YXHRoTLyzte5z:kd6ArYhkAR/Nr8FY3yTe0h

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      1d9c295bd720d115cf5014062cead85f

    • Size

      1.3MB

    • MD5

      1d9c295bd720d115cf5014062cead85f

    • SHA1

      75911c80bf05726b9839c4960edcba991c1f808b

    • SHA256

      80cac6571f27397cc060b9ef194f628ead0bd48a7d6ca4e10151cd5ece2fe01a

    • SHA512

      9d6e9ce11bfb14f50b2d3316744b481acbaf3fb1b3f90921d1d241677c1f5570a99c2995beaf4ceca173a7373fe35407ed7e41f05a37e2e187ed17ef9c46cbc0

    • SSDEEP

      24576:v8pWEmtUfTlLy86wg8NQ9KrYhidLcR/Nr8A2YXHRoTLyzte5z:kd6ArYhkAR/Nr8FY3yTe0h

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks