General

  • Target

    1932a45918b7e0a6ff94e635d85cc102

  • Size

    1.1MB

  • Sample

    231230-p6m9caegf2

  • MD5

    1932a45918b7e0a6ff94e635d85cc102

  • SHA1

    8cef889ea56117804848477a0cd7d3f35b1c74cc

  • SHA256

    bd4c7e53b23b6adf4548d684e070d0d909ff41a3aa4749851f0ac61b772ef919

  • SHA512

    4c3134234bfa331e22e3cdf4da4395dd3ecb2b0e900fc237d4e448cc7c3a22427918c32b5320e7774fd78938ed0642d1713fdd96909e5aa2327de26017bd2203

  • SSDEEP

    24576:3HpBr+ZECpd14oQMTuqw32+F8FCIoCK3r6/FuI0x+XhGNfJaK31NkQbv:+B14oAqY29FCQK3XI0mGNxaQ3Pv

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

104.168.148.6:443

5.9.224.204:443

192.210.222.81:443

23.229.29.48:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      1932a45918b7e0a6ff94e635d85cc102

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Loads dropped DLL
