General

  • Target

    751f5e9792c7dc915852167ef26bccb8

  • Size

    1.2MB

  • Sample

    240125-wacw3abhg4

  • MD5

    751f5e9792c7dc915852167ef26bccb8

  • SHA1

    309c133c89120b879224273967e1935f93bdd3ad

  • SHA256

    d876e1d5484e794c97573bb5e21ccd4cbb0d82abb2af83c2e4bb765caad8d43e

  • SHA512

    741b56f070d4cccfcb84da0ec5bacc87d43a236a5b565fa54781f5e11eccd5b70aae68002de9538db1ba6b216b750f8a340a0d490f1e6ac5433265a2cb5b37b5

  • SSDEEP

    24576:tkd3TK2y6Rg1Z55FkU3XfUHwdluBdZVKP4D/OPsOpF:tKDy6Rg1BqOUGlWGP4DosOp

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      751f5e9792c7dc915852167ef26bccb8

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Kinsing

      Kinsing is a loader written in Golang.

    • Blocklisted process makes network request

    • Loads dropped DLL
