General

  • Target

    1605515eccee72e75efe33ba6b8d9bcb

  • Size

    1.2MB

  • Sample

    231230-vftlbschh7

  • MD5

    1605515eccee72e75efe33ba6b8d9bcb

  • SHA1

    eab7cc1b376e0257c99615ee5baaa0976e18ed32

  • SHA256

    c69b6339fbcf4ab111115acc4134719d7de63176942c4e78913f5cf05a8c1b0f

  • SHA512

    097ccfb1608d91bc13e9e5ea0f1620940daae9f163d7ff14dd198411ccd390ea0ceb9a99864ab9af16074338e17c4a83fc402bbb5fb95e63575a578e4b3fc3a7

  • SSDEEP

    24576:2BslwCP6/1/AleEmE3pA48UFpElM+XNbE5bMXsVGtON:2B3/1ceEmE3pr8U7ECiGMXsVz

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      1605515eccee72e75efe33ba6b8d9bcb

    • Size

      1.2MB

    • MD5

      1605515eccee72e75efe33ba6b8d9bcb

    • SHA1

      eab7cc1b376e0257c99615ee5baaa0976e18ed32

    • SHA256

      c69b6339fbcf4ab111115acc4134719d7de63176942c4e78913f5cf05a8c1b0f

    • SHA512

      097ccfb1608d91bc13e9e5ea0f1620940daae9f163d7ff14dd198411ccd390ea0ceb9a99864ab9af16074338e17c4a83fc402bbb5fb95e63575a578e4b3fc3a7

    • SSDEEP

      24576:2BslwCP6/1/AleEmE3pA48UFpElM+XNbE5bMXsVGtON:2B3/1ceEmE3pr8U7ECiGMXsVz

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks