General

  • Target

    3BA40AB5AA74DC76522942BAE0793E51.dll

  • Size

    1.9MB

  • Sample

    241103-bz81ks1fjk

  • MD5

    3ba40ab5aa74dc76522942bae0793e51

  • SHA1

    e59857ad8b2f560be38e62c4006b6498569dbbd3

  • SHA256

    94c5cf35160062b5810c8839d94a5ff27c16e43435376bc4a79693c9879aee0b

  • SHA512

    7aae7c27ba029c79de7f107c926a086389ba1c194342b8e308a3d50cd2d9937740e3cdb041c3f2e2512764322548220a79c9c82e260c2da63edaf8fff0e8cbf9

  • SSDEEP

    49152:FQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4Bwezqfn8+nFFQCxEsJwKQs:FfaNQh+NUABO/c0Y9Adxzqf8+gqJW

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.117.90.36:443

193.42.36.59:443

193.56.146.53:443

185.106.123.228:443

Attributes
  • embedded_hash

    07284E2A3AB3C2E1FFFBD425849BE150

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      3BA40AB5AA74DC76522942BAE0793E51.dll

    • Size

      1.9MB

    • MD5

      3ba40ab5aa74dc76522942bae0793e51

    • SHA1

      e59857ad8b2f560be38e62c4006b6498569dbbd3

    • SHA256

      94c5cf35160062b5810c8839d94a5ff27c16e43435376bc4a79693c9879aee0b

    • SHA512

      7aae7c27ba029c79de7f107c926a086389ba1c194342b8e308a3d50cd2d9937740e3cdb041c3f2e2512764322548220a79c9c82e260c2da63edaf8fff0e8cbf9

    • SSDEEP

      49152:FQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4Bwezqfn8+nFFQCxEsJwKQs:FfaNQh+NUABO/c0Y9Adxzqf8+gqJW

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks