General

  • Target

    641bc5afebcd811f045c2c5451105fc6

  • Size

    1.3MB

  • Sample

    240118-bqnnaaafh9

  • MD5

    641bc5afebcd811f045c2c5451105fc6

  • SHA1

    caf21503abda09818d06d6d30b72ed3a79a03650

  • SHA256

    cdba2d1ba3657fc66431e23fcda01f493f1e66bc554dee52f1865135b60ac7b1

  • SHA512

    7701daa6b825fae999118e837b8f747838e82e565785e5e28eb677a630702cfd20f3c3dfe185e569e6e18c583dc77de9b73492a93378d3441d20d43dc833ad36

  • SSDEEP

    12288:Ns8Fy+Hu9nN4vYH2a7Ncf04W2O/SYOsm99UX1kTeMRsHQ0:S8FGyvFaRg04W2O6YOsm993TeMyH

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

192.210.222.81:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request
