Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/D...

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com/Dfmaaa/MEMZ-virus

  • Sample

    240806-vl9jqsvbpp

Score
10/10
danabotaspackv2bankerbotnetdiscoverymacrotrojanxlm

Malware Config

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204
rsa_pubkey.plain

Targets

    • Target

      https://github.com/Dfmaaa/MEMZ-virus

    Score
    10/10
    danabotaspackv2bankerbotnetdiscoverymacrotrojanxlm

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Suspicious Office macro

      Office document equipped with 4.0 macros.

      macroxlm

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks