General

  • Target

    b75d734da9368ef7fce92d842c4111a40ea3f3426ac8c67d3f3e25d89179c4d7N.exe

  • Size

    1.9MB

  • Sample

    241117-kknkrswbqd

  • MD5

    0dded543ddaa8fc513205e9261bfab80

  • SHA1

    032fb4f2f0dd646ac986f9861e680a2bb372fe13

  • SHA256

    b75d734da9368ef7fce92d842c4111a40ea3f3426ac8c67d3f3e25d89179c4d7

  • SHA512

    32d7e7b59e6838bba9538282ecb12d4a8054b0178b6b988e0849fbc8c3339a1302b2ab30079de6db798b93c12c093e5a4373bc2cf70b6452c387c5257ee9af87

  • SSDEEP

    49152:bQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4BJeOqfn8+nFFQCxEsJwKQD:bfaNQh+NUABO/c0Y9AdGOqf8+gqJW

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.117.90.36:443

193.42.36.59:443

193.56.146.53:443

185.106.123.228:443

Attributes
  • embedded_hash

    07284E2A3AB3C2E1FFFBD425849BE150

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      b75d734da9368ef7fce92d842c4111a40ea3f3426ac8c67d3f3e25d89179c4d7N.exe

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request
