General

  • Target

    594a01db0a35bdebb7ed68dc99492d11

  • Size

    1.3MB

  • Sample

    240113-v1fvzaeaf8

  • MD5

    594a01db0a35bdebb7ed68dc99492d11

  • SHA1

    a1bc6233c2db3d8e9e2c80f19f17fed36ea3c716

  • SHA256

    194747dde34eee13a778cc1d46798df62ec53e1db2d3e374264db8da9798f4c5

  • SHA512

    376a669a74a0303be3536e5fd80f0da7e9ad75e76aabaf7626ce013a967b96ed85dc62312d8ae76ef40797eda123cf8bd2a9dd6abff3895d1794d6227f9cfb23

  • SSDEEP

    24576:NcF2f8wz+4UI1IXuQr1B76XPgQ2REackn0aTfYSXVm:uzVr1B7GGR3LTE

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      594a01db0a35bdebb7ed68dc99492d11

    • Size

      1.3MB

    • MD5

      594a01db0a35bdebb7ed68dc99492d11

    • SHA1

      a1bc6233c2db3d8e9e2c80f19f17fed36ea3c716

    • SHA256

      194747dde34eee13a778cc1d46798df62ec53e1db2d3e374264db8da9798f4c5

    • SHA512

      376a669a74a0303be3536e5fd80f0da7e9ad75e76aabaf7626ce013a967b96ed85dc62312d8ae76ef40797eda123cf8bd2a9dd6abff3895d1794d6227f9cfb23

    • SSDEEP

      24576:NcF2f8wz+4UI1IXuQr1B76XPgQ2REackn0aTfYSXVm:uzVr1B7GGR3LTE

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks