General

  • Target

    39606d8246d519da605f119468ad19285d7b97d0.dll

  • Size

    1.9MB

  • Sample

    241119-n3grqavhpg

  • MD5

    86d5c0f39910e7bc8ba381e31703a471

  • SHA1

    39606d8246d519da605f119468ad19285d7b97d0

  • SHA256

    6a09ee5350e638bf610c55fa482291da4f40e1ffb4d2b4ff09308ffc2ab64586

  • SHA512

    0d3987d906cee5d7ca726da55fe0a02c6995e82f88691bff2fe9e0e95b7851508c028dff64a92da50d36ac1970fa30d5397d222031db7b8ec47bf9600396bd61

  • SSDEEP

    49152:jQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4BNe7qfn8+nFFQCxEsJwKQA:jfaNQh+NUABO/c0Y9AdS7qf8+gqJW

Malware Config

Extracted

  • Family

    danabot

  • Botnet

    40

  • C2

    185.117.90.36:443

    193.42.36.59:443

    193.56.146.53:443

    185.106.123.228:443

Attributes
  • embedded_hash

    07284E2A3AB3C2E1FFFBD425849BE150

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      39606d8246d519da605f119468ad19285d7b97d0.dll

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request
