General

  • Target

    5f6df8db48f0651d13a8618db5cfda3e

  • Size

    1.1MB

  • Sample

    240116-ke3gqsgbbq

  • MD5

    5f6df8db48f0651d13a8618db5cfda3e

  • SHA1

    6019289e5ce3649f754f6d6252e09a754911ba9e

  • SHA256

    3ee5f1884ca0261665ff87cc41c7aa590aaac03b3f53dd8edfdaeefc42f869c1

  • SHA512

    bc55b589192e78eb2592d15956f328b4b05db2f16831dcc950f881f232513bf07d87bd2e1dff8b9a23b7bf4d8e05a6d3225b7b179bf010f5fd96acfcdd00a302

  • SSDEEP

    12288:Kgh4+H97BRc8sFd8cboPc8+3EWS4LGW/BA9tHH4rlErvAs/RGN2ac9zHR/NTi5BZ:1BHjRcdunAHJ5stHogzzzHRFuDOVzJu

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

193.34.167.138:443

152.89.247.31:443

192.210.222.81:443

142.11.244.124:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      5f6df8db48f0651d13a8618db5cfda3e

    • Size

      1.1MB

    • MD5

      5f6df8db48f0651d13a8618db5cfda3e

    • SHA1

      6019289e5ce3649f754f6d6252e09a754911ba9e

    • SHA256

      3ee5f1884ca0261665ff87cc41c7aa590aaac03b3f53dd8edfdaeefc42f869c1

    • SHA512

      bc55b589192e78eb2592d15956f328b4b05db2f16831dcc950f881f232513bf07d87bd2e1dff8b9a23b7bf4d8e05a6d3225b7b179bf010f5fd96acfcdd00a302

    • SSDEEP

      12288:Kgh4+H97BRc8sFd8cboPc8+3EWS4LGW/BA9tHH4rlErvAs/RGN2ac9zHR/NTi5BZ:1BHjRcdunAHJ5stHogzzzHRFuDOVzJu

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks