General

  • Target

    492ed4aca86290ed26b43e59da1107d6

  • Size

    1.3MB

  • Sample

    240107-rgea9aggbn

  • MD5

    492ed4aca86290ed26b43e59da1107d6

  • SHA1

    20249033863037a9cec00089ea28a9d66d323276

  • SHA256

    c81a7a56db7e09ee904fc80fcc833ff83e6d42cea184edbed64970427edfc45d

  • SHA512

    e155c07d91d8acc30131b7b77b6cf3cb70c1e96737a06651c765b938d9cb0235b2e88843ce08ff694162b71a9a5d7b92548cd3e0554d789b99d0237dbf87dd9a

  • SSDEEP

    24576:DcF21NPB4mtmVpyQubtiP5hpVZ4286QTKDr:oLubAhx85TO

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      492ed4aca86290ed26b43e59da1107d6

    • Size

      1.3MB

    • MD5

      492ed4aca86290ed26b43e59da1107d6

    • SHA1

      20249033863037a9cec00089ea28a9d66d323276

    • SHA256

      c81a7a56db7e09ee904fc80fcc833ff83e6d42cea184edbed64970427edfc45d

    • SHA512

      e155c07d91d8acc30131b7b77b6cf3cb70c1e96737a06651c765b938d9cb0235b2e88843ce08ff694162b71a9a5d7b92548cd3e0554d789b99d0237dbf87dd9a

    • SSDEEP

      24576:DcF21NPB4mtmVpyQubtiP5hpVZ4286QTKDr:oLubAhx85TO

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks