General

  • Target

    5a57240c704d6f4934fc36e8fbcf4862

  • Size

    1.0MB

  • Sample

    240114-fkva4acdgk

  • MD5

    5a57240c704d6f4934fc36e8fbcf4862

  • SHA1

    9c963d48c74699011fcc439fd86c233b6b0c2810

  • SHA256

    ac783ad55fbc3133892c6df4490d701b9493020971c95dae47983721115d6842

  • SHA512

    83c2b845f649e339549c69c3fd1c5d628eb3313013846de4be6b55e081befb1f3690896ea3f616f0d24b4c49545f5a709b2091442c7096534805b5def01e1b68

  • SSDEEP

    24576:0D7ggsk7I9/2LRoLBI35X9IyDm7HNciEwK:Ua2eLBW5tIVi

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

193.34.167.138:443

152.89.247.31:443

192.210.222.81:443

142.11.244.124:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      5a57240c704d6f4934fc36e8fbcf4862

    • Size

      1.0MB

    • MD5

      5a57240c704d6f4934fc36e8fbcf4862

    • SHA1

      9c963d48c74699011fcc439fd86c233b6b0c2810

    • SHA256

      ac783ad55fbc3133892c6df4490d701b9493020971c95dae47983721115d6842

    • SHA512

      83c2b845f649e339549c69c3fd1c5d628eb3313013846de4be6b55e081befb1f3690896ea3f616f0d24b4c49545f5a709b2091442c7096534805b5def01e1b68

    • SSDEEP

      24576:0D7ggsk7I9/2LRoLBI35X9IyDm7HNciEwK:Ua2eLBW5tIVi

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks