General

  • Target

    ce52c8f43c77ccf85cedaf6f4decc2f544074bc3d35bb2277891c1aa0c5ecedaN

  • Size

    2.5MB

  • Sample

    241103-azrwmazdqh

  • MD5

    7e27d45c423b169523dd0a3ec5ad2410

  • SHA1

    cbf3e8dac0f806015de5ca74b7adfb6d5df48a14

  • SHA256

    ce52c8f43c77ccf85cedaf6f4decc2f544074bc3d35bb2277891c1aa0c5eceda

  • SHA512

    00fa171546f05fbaac4682f0a3e6b09818f3ef11e6e86b1b980ec0b572e996b3b3f7baadda4e69e1f5ffe752bad99041feae71834d22ba6bc553c8e01c3e402a

  • SSDEEP

    49152:tgZziYTX//Y/t2Z/fZMdzUAOC5n+LlrxFTGWYKq:t0ziYTIF2Z/f6AAOGarxFTGXv

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.158.250.216:443

194.76.225.46:443

45.11.180.153:443

194.76.225.61:443

Attributes
  • embedded_hash

    AD14EA44261341E3690FA8CC1E236523

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      ce52c8f43c77ccf85cedaf6f4decc2f544074bc3d35bb2277891c1aa0c5ecedaN

    • Size

      2.5MB

    • MD5

      7e27d45c423b169523dd0a3ec5ad2410

    • SHA1

      cbf3e8dac0f806015de5ca74b7adfb6d5df48a14

    • SHA256

      ce52c8f43c77ccf85cedaf6f4decc2f544074bc3d35bb2277891c1aa0c5eceda

    • SHA512

      00fa171546f05fbaac4682f0a3e6b09818f3ef11e6e86b1b980ec0b572e996b3b3f7baadda4e69e1f5ffe752bad99041feae71834d22ba6bc553c8e01c3e402a

    • SSDEEP

      49152:tgZziYTX//Y/t2Z/fZMdzUAOC5n+LlrxFTGWYKq:t0ziYTIF2Z/f6AAOGarxFTGXv

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks