General

  • Target

    3d632fa41ea571345ea1dd8ea1a19f7d

  • Size

    1.3MB

  • Sample

    240101-vhaw1aedbj

  • MD5

    3d632fa41ea571345ea1dd8ea1a19f7d

  • SHA1

    1081f6a47238461d99bd96ce18a7d6c1c02e8d0c

  • SHA256

    b3bc97c117ea2c0633f08f92ae2a073d7eeb443c566219a52f06cc4e62e408da

  • SHA512

    165a1162e3abf8396d52555f0235c4a2e96a2cf3a32337631c82ff16670a3ae16552abe9f36824d654952922b437b2f7307bbb2289d9b31d7b438b8a3d2be361

  • SSDEEP

    12288:bs8FyxuVMb5/pJHGKDuwG7Eq5rhboQ1+dDfQJxGfymLHrQkTLN1DAe:o8FPCRJHluwG7Z1RaNfQJxXE9TL3A

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      3d632fa41ea571345ea1dd8ea1a19f7d

    • Size

      1.3MB

    • MD5

      3d632fa41ea571345ea1dd8ea1a19f7d

    • SHA1

      1081f6a47238461d99bd96ce18a7d6c1c02e8d0c

    • SHA256

      b3bc97c117ea2c0633f08f92ae2a073d7eeb443c566219a52f06cc4e62e408da

    • SHA512

      165a1162e3abf8396d52555f0235c4a2e96a2cf3a32337631c82ff16670a3ae16552abe9f36824d654952922b437b2f7307bbb2289d9b31d7b438b8a3d2be361

    • SSDEEP

      12288:bs8FyxuVMb5/pJHGKDuwG7Eq5rhboQ1+dDfQJxGfymLHrQkTLN1DAe:o8FPCRJHluwG7Z1RaNfQJxXE9TL3A

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks