General

  • Target

    d68e145ac63ec0be07dcf0160a3b512a417a4ee0c8f35240585ae9b13b636684

  • Size

    2.5MB

  • Sample

    241030-fzx1jaxdle

  • MD5

    3d79bcdd760f59d372f10fe9aef8544c

  • SHA1

    381a92fec06df17abfda0acbedd16567d1500299

  • SHA256

    d68e145ac63ec0be07dcf0160a3b512a417a4ee0c8f35240585ae9b13b636684

  • SHA512

    f686498381a9341ddf4bc1616f6b06defbfa808ef5fcdde4f7be8113dd13ee5f146b3c032a08e11abaea0dff99baef0be4c4db082e409056364fe516e621e2c0

  • SSDEEP

    49152:TgZziYTf//Y7t2Z/fZMdzUAOC5n+LlrxFTGWsKq:T0ziYTgZ2Z/f6AAOGarxFTGLv

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.158.250.216:443

194.76.225.46:443

45.11.180.153:443

194.76.225.61:443

Attributes
  • embedded_hash

    AD14EA44261341E3690FA8CC1E236523

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      d68e145ac63ec0be07dcf0160a3b512a417a4ee0c8f35240585ae9b13b636684

    • Size

      2.5MB

    • MD5

      3d79bcdd760f59d372f10fe9aef8544c

    • SHA1

      381a92fec06df17abfda0acbedd16567d1500299

    • SHA256

      d68e145ac63ec0be07dcf0160a3b512a417a4ee0c8f35240585ae9b13b636684

    • SHA512

      f686498381a9341ddf4bc1616f6b06defbfa808ef5fcdde4f7be8113dd13ee5f146b3c032a08e11abaea0dff99baef0be4c4db082e409056364fe516e621e2c0

    • SSDEEP

      49152:TgZziYTf//Y7t2Z/fZMdzUAOC5n+LlrxFTGWsKq:T0ziYTgZ2Z/f6AAOGarxFTGLv

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks