General

  • Target

    157757F5065076824EA142B1E3910B51326149A0A457F986CC4270B5FEC1D319.exe

  • Size

    1.1MB

  • Sample

    240724-npfbqsxdjc

  • MD5

    3f08f2c68c3d12cf753a9d7f7f13a775

  • SHA1

    46c7ba1688f16fae39ee83818028b931f1327398

  • SHA256

    6da426e667bd9c1d5b587049fa913c41a0e150a2422aa1b01ab0a803048e37db

  • SHA512

    422c663c2bf44c07c2f71f3ddb59025d65c0f6573380873da88879014c9bac6a7e772696ecd0cdb72897885d5154446caefbec558a20104bbf994f3375c3f2ae

  • SSDEEP

    12288:q3vqr/B17jAPeQp37W9nsLx3EXWcUoHM00znmPJcWZTziS5Zugfz3xaCXBKQp6:IvqrPjALp2sdyNUCM0yGPZuEZugbWQg

Malware Config

Extracted

Family

danabot

Botnet

5

C2

23.254.217.192:443

192.236.146.173:443

23.254.133.7:443

185.62.58.85:443

Attributes
  • embedded_hash

    3CCDCA270E94321B76E2E66C454CD541

  • type

    loader

Targets

    • Target

      157757F5065076824EA142B1E3910B51326149A0A457F986CC4270B5FEC1D319.exe

    • Size

      1.1MB

    • MD5

      3f08f2c68c3d12cf753a9d7f7f13a775

    • SHA1

      46c7ba1688f16fae39ee83818028b931f1327398

    • SHA256

      6da426e667bd9c1d5b587049fa913c41a0e150a2422aa1b01ab0a803048e37db

    • SHA512

      422c663c2bf44c07c2f71f3ddb59025d65c0f6573380873da88879014c9bac6a7e772696ecd0cdb72897885d5154446caefbec558a20104bbf994f3375c3f2ae

    • SSDEEP

      12288:q3vqr/B17jAPeQp37W9nsLx3EXWcUoHM00znmPJcWZTziS5Zugfz3xaCXBKQp6:IvqrPjALp2sdyNUCM0yGPZuEZugbWQg

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks