General

  • Target

    635dc0214d9796bd708e3a3cd296fb17

  • Size

    1.3MB

  • Sample

    240117-xspt1sdea9

  • MD5

    635dc0214d9796bd708e3a3cd296fb17

  • SHA1

    cf8bfbe7188b7bb2ce820a88ed3043532d3290f1

  • SHA256

    34f539f5133c1dc40eb7c15c4eb65dcb4d01b40255c361fba750a97766c8fb64

  • SHA512

    cd06b8f8b09d435efed6184b534a816556782a88bba767abb572ae4f036c925f818aa0f81ccbfe265e48f80fbc00c74e82b214782f9b950dbd743a04d5503da9

  • SSDEEP

    24576:h8pWEmpmXXwr8gxKmuasnXbWeLy4j61ehxTmnxfC:ChHaoWeN6GTmxf

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

192.210.222.81:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      635dc0214d9796bd708e3a3cd296fb17

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request
