General

  • Target

    1f57b1bf29591b6cd4a7acdae635ff66

  • Size

    1.2MB

  • Sample

    231230-218z3sbch5

  • MD5

    1f57b1bf29591b6cd4a7acdae635ff66

  • SHA1

    c4fdd40ea7a9a35e8dbe2aacfaf1f3c872e8d690

  • SHA256

    3d818dabca9956696c7942d76c16c88ece6b74bd8c479ad4b5de31109e85c237

  • SHA512

    a52018ece32926798a72982f8383ea3a6d74ca91a9b2da1cec93b1d01b639748c01c3111dd4ad1cd6fce14750d3e28b97b3b17527775741e5f7867d180109940

  • SSDEEP

    24576:SYOc4MasBAgN45LhIUEekqTCv3OWeUH4SA7rKBwG+qS6Qig/cwid3Ut:STg8hIek9v0UHrq+BqqS6qihU

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.206.50:443

142.11.244.124:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      1f57b1bf29591b6cd4a7acdae635ff66

    • Size

      1.2MB

    • MD5

      1f57b1bf29591b6cd4a7acdae635ff66

    • SHA1

      c4fdd40ea7a9a35e8dbe2aacfaf1f3c872e8d690

    • SHA256

      3d818dabca9956696c7942d76c16c88ece6b74bd8c479ad4b5de31109e85c237

    • SHA512

      a52018ece32926798a72982f8383ea3a6d74ca91a9b2da1cec93b1d01b639748c01c3111dd4ad1cd6fce14750d3e28b97b3b17527775741e5f7867d180109940

    • SSDEEP

      24576:SYOc4MasBAgN45LhIUEekqTCv3OWeUH4SA7rKBwG+qS6Qig/cwid3Ut:STg8hIek9v0UHrq+BqqS6qihU

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks