General

  • Target

    1df80dc87cbf0939f1d693c02c538c78.exe

  • Size

    1.2MB

  • Sample

    240103-r3297shcg7

  • MD5

    1df80dc87cbf0939f1d693c02c538c78

  • SHA1

    1bb689f77d4548f07cd39b41d91996bf60185eac

  • SHA256

    2f13aeda87ac36d7d1ed671093fb1c713eebba7c3536ccf44486aad6ae679450

  • SHA512

    dbba7852f6d11efdc1ac05dfd9ef2b21d9c4bc8d40f6a87db2dc31c790401d33957b4579a7f1a92b5222d9d2c79e6dc6ea101cfcabc4cf53b81aebf220440efe

  • SSDEEP

    24576:nc1CReZElYql7yvpTteALmtnXKIwBoUpKt6aWAF9qFKLO64k:ncNEHl7oh0tXNw/Wm64

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      1df80dc87cbf0939f1d693c02c538c78.exe

    • Size

      1.2MB

    • MD5

      1df80dc87cbf0939f1d693c02c538c78

    • SHA1

      1bb689f77d4548f07cd39b41d91996bf60185eac

    • SHA256

      2f13aeda87ac36d7d1ed671093fb1c713eebba7c3536ccf44486aad6ae679450

    • SHA512

      dbba7852f6d11efdc1ac05dfd9ef2b21d9c4bc8d40f6a87db2dc31c790401d33957b4579a7f1a92b5222d9d2c79e6dc6ea101cfcabc4cf53b81aebf220440efe

    • SSDEEP

      24576:nc1CReZElYql7yvpTteALmtnXKIwBoUpKt6aWAF9qFKLO64k:ncNEHl7oh0tXNw/Wm64

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks