General

  • Target

    4886d9d33e6049b84159ee4681c9b712

  • Size

    1.0MB

  • Sample

    240107-km727aage3

  • MD5

    4886d9d33e6049b84159ee4681c9b712

  • SHA1

    88b47e47bdc66a010769d239122203896f4b4c37

  • SHA256

    4dbfdae091635ba9e56b2b0c4b25523e5e16e373786cfaa3065e0cea730746fb

  • SHA512

    29c049e4f9df878834b74e371839198525c6a1feac89f39a6f788aebb57a5953125bc3eaa5566b9d0fc08c9a8a8db151ef292f8956bbbf6c6af4cb88b98cac99

  • SSDEEP

    24576:QQPksNtM85VTdU0p1RuahCI073sawG/2Lo:V8s/z5VTdUC10ahRssawGj

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

193.34.167.138:443

152.89.247.31:443

192.210.222.81:443

142.11.244.124:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      4886d9d33e6049b84159ee4681c9b712

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
