General

  • Target

    2f33359918125ba61b7cd34ce2f0c398

  • Size

    1.1MB

  • Sample

    231231-kfwetahhfm

  • MD5

    2f33359918125ba61b7cd34ce2f0c398

  • SHA1

    fab12215679baf6f74a4d20cdf70d0272afb454c

  • SHA256

    0f0681e9e6d6b67bbf1991810e504eb535c4acade6e018770371eca3b6ae24fd

  • SHA512

    2f3ae51f1cb0ca3642c26b2d1d0f5b793f1c44a8bb9c75795df31bd22f9413709bf7ce2e34a32ee307c0c30d0acfae052eb8153a79ee0212efaa6b7bbca1a6c5

  • SSDEEP

    24576:cfWeRFHyRooZFOEhWMm+zbeQNBG7PP/iPHYCvA57bRP:cf55yR9lhS+HeSBEPPq/Hu/

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      2f33359918125ba61b7cd34ce2f0c398

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
