General

  • Target

    67bfbb82f21c792ce7ee27d42e255823

  • Size

    1.2MB

  • Sample

    240119-qwq3xsfaam

  • MD5

    67bfbb82f21c792ce7ee27d42e255823

  • SHA1

    5e649d7e96644b26bbe9ac49885bab651d4e279a

  • SHA256

    d4af0c3cc5fb2391aa0746e5b6d35fccc4141f1e63e10e9a908d250c6ae75ebf

  • SHA512

    bc16535461899dd6080fd6641da9e12ee62127535dca46eb4f03d898860dee2219051510919d20097690d6c41a49b63d504304782e6e9b4e4b4652924c9a62ee

  • SSDEEP

    24576:iAVpRRCWelZGpxl2T0Qb8+LlkDZUfFrzVLDKBvgHNI:MDfGpx8b8ml7FrVDKBANI

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      67bfbb82f21c792ce7ee27d42e255823

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
