General

  • Target

    6b41126a532da78cc1028b9030925a28

  • Size

    1.3MB

  • Sample

    240120-x4dk5afbgq

  • MD5

    6b41126a532da78cc1028b9030925a28

  • SHA1

    97e95696504ad250844814e9df09cc90f3d2289c

  • SHA256

    cc6f3dda34042ee5aaf3416dabb51797cb09502cb7d5481c7f3e9c2fd978b670

  • SHA512

    738a4633f4f8303b62801a5e76d62785481e8e668c0164e446fd206319ffbb54f61f079a6e366104caeb77b416b9fb579f0cb9e5becee080b9e5975f17e8c09e

  • SSDEEP

    24576:H8FGdTeNwtT15HhJpVREhatY3jAqQWT6mg1:cQ7VR+aUjEWTDq

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      6b41126a532da78cc1028b9030925a28

    • Size

      1.3MB

    • MD5

      6b41126a532da78cc1028b9030925a28

    • SHA1

      97e95696504ad250844814e9df09cc90f3d2289c

    • SHA256

      cc6f3dda34042ee5aaf3416dabb51797cb09502cb7d5481c7f3e9c2fd978b670

    • SHA512

      738a4633f4f8303b62801a5e76d62785481e8e668c0164e446fd206319ffbb54f61f079a6e366104caeb77b416b9fb579f0cb9e5becee080b9e5975f17e8c09e

    • SSDEEP

      24576:H8FGdTeNwtT15HhJpVREhatY3jAqQWT6mg1:cQ7VR+aUjEWTDq

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

MITRE ATT&CK Matrix

Tasks