General

  • Target

    1bf32f6e6cf40dcda965b80879e4d3fa

  • Size

    1.3MB

  • Sample

    231230-zd1n3sebel

  • MD5

    1bf32f6e6cf40dcda965b80879e4d3fa

  • SHA1

    5015aa420e5d0f68f1ea37a5d0fb835327cd1694

  • SHA256

    6142552f12d9bf99795c70069ab7f42b8b8fb32ed80faca367bd36d544e56567

  • SHA512

    80c9c49af2c00a76ea3afbcde3f6d59cdd15ac68fc7b441b4be92aae0da459b624c3e6d0d7fb788e199d679d047f2e65261aa3f45da23e187340e1b225acf993

  • SSDEEP

    24576:y8pWEmNN85Fhyuqsghhg0SWKyolmixTOfU:ZlMgYvoDxT6

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      1bf32f6e6cf40dcda965b80879e4d3fa

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request
