General

  • Target

    6b60f7cbc0c04e3110ea9da7f9321fe3

  • Size

    1.1MB

  • Sample

    240120-y5eegsgdd3

  • MD5

    6b60f7cbc0c04e3110ea9da7f9321fe3

  • SHA1

    5051291ed1160c0f5bdd79f1d5706807f2d7512b

  • SHA256

    73330db1f35105b797d13d85b7e372cd0fc8a7eab0ed05ba1d864457d0e7666c

  • SHA512

    bf61735f3ee94390c69348dbe9c78bc0a1d56e7c64ce2b9ecedd10147ccb6db8aed677f24a8d32fabc8ab308ab33861d4eb383addcc1ec43d7bbcd453b943b0c

  • SSDEEP

    24576:RIcECYHIt8+5eZ+conosN6FOf8qtRfJ6a6BPA:RIxvHrSEcJgU8yfJ6NBI

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      6b60f7cbc0c04e3110ea9da7f9321fe3

    • Size

      1.1MB

    • MD5

      6b60f7cbc0c04e3110ea9da7f9321fe3

    • SHA1

      5051291ed1160c0f5bdd79f1d5706807f2d7512b

    • SHA256

      73330db1f35105b797d13d85b7e372cd0fc8a7eab0ed05ba1d864457d0e7666c

    • SHA512

      bf61735f3ee94390c69348dbe9c78bc0a1d56e7c64ce2b9ecedd10147ccb6db8aed677f24a8d32fabc8ab308ab33861d4eb383addcc1ec43d7bbcd453b943b0c

    • SSDEEP

      24576:RIcECYHIt8+5eZ+conosN6FOf8qtRfJ6a6BPA:RIxvHrSEcJgU8yfJ6NBI

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks