General

  • Target

    876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76.exe

  • Size

    1.1MB

  • Sample

    240725-e3h54sydqn

  • MD5

    2e50294022bae9ad9b8dbfc8d1b01b3a

  • SHA1

    e3a4505f86286b1512229df67420358a29d8f953

  • SHA256

    876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76

  • SHA512

    9441a1979a93f6b3b7dde697e11529b3e31ee14c370db1ecc3884393b78a1082453e2625758209bc066e0da622848d07d423719047c303b282e2f421b2863823

  • SSDEEP

    24576:bLgcPCgLy06q0eHwkLQFI7UWE8QUNaToFVGPfN0:bsrgeoYyREwNaToFVGPO

Malware Config

Extracted

Family

danabot

Botnet

5

C2

23.254.217.192:443

192.236.146.173:443

23.254.133.7:443

185.62.58.85:443

Attributes
  • embedded_hash

    3CCDCA270E94321B76E2E66C454CD541

  • type

    loader

Targets

    • Target

      876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76.exe

    • Size

      1.1MB

    • MD5

      2e50294022bae9ad9b8dbfc8d1b01b3a

    • SHA1

      e3a4505f86286b1512229df67420358a29d8f953

    • SHA256

      876b5319199f8e1cf0e410d352af83ffa2aa9b84c1f4ca5976b89530702e4d76

    • SHA512

      9441a1979a93f6b3b7dde697e11529b3e31ee14c370db1ecc3884393b78a1082453e2625758209bc066e0da622848d07d423719047c303b282e2f421b2863823

    • SSDEEP

      24576:bLgcPCgLy06q0eHwkLQFI7UWE8QUNaToFVGPfN0:bsrgeoYyREwNaToFVGPO

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks