General

  • Target

    3b8c587d58caa4d5d8ab51b6bc4609b3540290e385112fdd97c015f2a6b1a033N.exe

  • Size

    1.9MB

  • Sample

    241119-cbqprsymdw

  • MD5

    910129676346c7accb2d7ed3e12ee990

  • SHA1

    0257381f63fac6d658cf68c28f7e818a529535b8

  • SHA256

    3b8c587d58caa4d5d8ab51b6bc4609b3540290e385112fdd97c015f2a6b1a033

  • SHA512

    760cce9a94fff5e1eeb196e776f1c867367aa88aa51e39c309c272594f8bdb1eceeaf5d9745b4c5beaa9b2717ea4f32aca8884f49aa33e61fe66cd25263b22c6

  • SSDEEP

    49152:UQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4BMesqfn8+nFFQCxEsJwKQd:UfaNQh+NUABO/c0Y9AdVsqf8+gqJW

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.117.90.36:443

193.42.36.59:443

193.56.146.53:443

185.106.123.228:443

Attributes
  • embedded_hash

    07284E2A3AB3C2E1FFFBD425849BE150

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      3b8c587d58caa4d5d8ab51b6bc4609b3540290e385112fdd97c015f2a6b1a033N.exe

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request
