General

  • Target

    2cf089be6e99e888313df81b8f60e102

  • Size

    1.1MB

  • Sample

    231231-h193lafha7

  • MD5

    2cf089be6e99e888313df81b8f60e102

  • SHA1

    17792f1dbb6dff2e187f4c98edd987d9dd42ec2c

  • SHA256

    adc58d4f64455555adea14cb604a69387700cba52e238e989f61eecfbdb6156c

  • SHA512

    e3a3ccc765f0a3921dd6fc536ce76946fd59cae3cdbf1663cdf9ac44c700b1212a175d1dec1701470d22217772fa3f23e3bc5cab4e8f3353676894fdf545cac2

  • SSDEEP

    24576:1pCMWN57mmQbWq6rAoc0P4MOPzhgzjWdusosV6/y+vKijq6:1pAAB680QbPKPWdusotKV

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

152.89.247.31:443

192.210.222.81:443

Attributes

  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks