General

  • Target

    464c73f7cdb705ae47e7464ed414664c

  • Size

    1.1MB

  • Sample

    240106-qbb39sabc9

  • MD5

    464c73f7cdb705ae47e7464ed414664c

  • SHA1

    6463e2e428237a080f669cbddea908dfbed87c9b

  • SHA256

    8f86447fc4865e877e07e5c550bb3f174414dfc76a0ee709b1c856af96ed899c

  • SHA512

    4d2dcb9108ccb9dd428b0de64521b6c66717c4b8b007dcb605755b159278f84acdf41620b35cfaaf0dcbac0162702fd45a96d96ba19a4596dd2cb25f16848647

  • SSDEEP

    24576:Nrb9+Qk9m4dtWpjUc/MLgZ8UubI2HMaUX1Ho2Ts1D9Tf7KonkbwxAkYz:edtiUhJA2samo3RQIk

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

104.168.148.6:443

5.9.224.204:443

192.210.222.81:443

23.229.29.48:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Loads dropped DLL
