General

  • Target

    49307379039f3d54e5b706dbb1ca5089

  • Size

    1.3MB

  • Sample

    240107-rhvpmahhe9

  • MD5

    49307379039f3d54e5b706dbb1ca5089

  • SHA1

    dbf6f4265ae127d73bcbc17aa4779b3c8b22758e

  • SHA256

    725367b6c82010d3f15f4ff7e1f73f68cbc68321fd98926dc4428b2d91a0b227

  • SHA512

    b80d87edaf89a15f13227086c7a709e5c0d0879a8f1493e740dcbb9eed8dcd6fd1f262f051313d0360e74012af98960e43955bbc0f0925e9735e0d27f3780dfc

  • SSDEEP

    24576:ccF2J0m0JK+8sovEKeGvACuCgoDbPYqzL2qO5TTuMCJ:faOGvAbfoXXLGT2J

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request
