General

  • Target

    59b94f047d6cb4b71494441252ea4ca7

  • Size

    1.3MB

  • Sample

    240113-3s15yahca5

  • MD5

    59b94f047d6cb4b71494441252ea4ca7

  • SHA1

    5e624d1a15f62a9d02c7fb0460e42c9cb3a9c5cb

  • SHA256

    39ef5413ff4fcb498060d30e72a72722fc53b9c8ec19644ee0270bcd74491456

  • SHA512

    4c261a87073b8281be18f29287a7f228b70ccb292da164f7c8dc064ee34f8dfc280b92c50686189663d2a436e420d22dc41278ea5367ed3caf8d4b880333ebf4

  • SSDEEP

    24576:jcF2a0LmZKON/0PKGitIJyIWd1JWt0NVASN1RiZk66Tq83a:IAkRJWqck66Tv

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request
