General

  • Target

    5f47b2e2cdf0d06c448b5e5d2ef104f5

  • Size

    1.3MB

  • Sample

    240116-h1r7sagcb3

  • MD5

    5f47b2e2cdf0d06c448b5e5d2ef104f5

  • SHA1

    8424ffbd785260617369c8697f19bdfccb37f10b

  • SHA256

    c1da55d915e13a88e33222821397da73a176473d634b8d4015cc2487c3f5f342

  • SHA512

    336cc8952f1081b961a98f919c239961c8e69003002e07a1794307dd62f733574685b309837f788f71a7febb45b7ac58dfcce7954c1776c636440400cdec47b5

  • SSDEEP

    24576:tcFPyJEbH8vxamp+CQ/Sg86WLxdVjVg9R/h+pTBq0:On12Nd8970T

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      5f47b2e2cdf0d06c448b5e5d2ef104f5

    • Size

      1.3MB

    • MD5

      5f47b2e2cdf0d06c448b5e5d2ef104f5

    • SHA1

      8424ffbd785260617369c8697f19bdfccb37f10b

    • SHA256

      c1da55d915e13a88e33222821397da73a176473d634b8d4015cc2487c3f5f342

    • SHA512

      336cc8952f1081b961a98f919c239961c8e69003002e07a1794307dd62f733574685b309837f788f71a7febb45b7ac58dfcce7954c1776c636440400cdec47b5

    • SSDEEP

      24576:tcFPyJEbH8vxamp+CQ/Sg86WLxdVjVg9R/h+pTBq0:On12Nd8970T

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks