General

  • Target

    1ff80f00cb6c93fa94c5c6d7c9eee59e

  • Size

    1.1MB

  • Sample

    231230-3fagfsefh5

  • MD5

    1ff80f00cb6c93fa94c5c6d7c9eee59e

  • SHA1

    6106a1d39b247b81d875976b929789f56b80351f

  • SHA256

    8cb1fc91ce481e9313b2dd4923d1a3b29dfbcbed01d1a9b8c434d1a4eaedf968

  • SHA512

    480848640077affc37329b7e50016068fe250414a679da2c8e1535d7a00b12eebfa7ece2e8a8a8c950bfa2568fac26258d81653a7d6133f37a1802765068c323

  • SSDEEP

    24576:HI1KxVUIIYTVjtlRHAfQLCxwFei7ZQaXOUTe5:o1c15VprHixwFeiFhXOce5

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

193.34.167.138:443

152.89.247.31:443

192.210.222.81:443

142.11.244.124:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
