General

  • Target

    9129525b5a79a06dad5e9c6acfb72b8f

  • Size

    1.1MB

  • Sample

    240205-f6txfsdfeq

  • MD5

    9129525b5a79a06dad5e9c6acfb72b8f

  • SHA1

    1c69b60f725609b55c4e8b60b1c4cc2afb05fa97

  • SHA256

    967e08d85b9639892fd4bf4ab2d3e6fc7dcd4afe22326e4114df182c8b0a9b5e

  • SHA512

    c69c4c60ec88f1fcda7702be8f565641d3b9ea62d40a933bdf9cc1ad85f708aa89bfa672438d4bc79ff7673a7f6072edff2612e41be8712dbba605156fcff256

  • SSDEEP

    24576:O49I0d14BsA6i8vzE/WaWSlOXeLuvNH7mE+FMgbZ//u+lD8f2bQR1N:OsAsDiCg+WOXpHKFMgbZXukD8fw

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      9129525b5a79a06dad5e9c6acfb72b8f

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Loads dropped DLL
