General

  • Target

    2736-4-0x0000000001EA0000-0x0000000002094000-memory.dmp

  • Size

    2.0MB

  • MD5

    37251be19e30189673197f9627536be0

  • SHA1

    32a59c0a645fcc38b5c743dbb2e4d6e2f0471f15

  • SHA256

    f5af3b6959dc0df98e1ba546adc23811ab1f0d9568de5b795f5b50b70b6f624d

  • SHA512

    ba520fb6f322ac015d64bb06e754294f54f536108fb25b0dda3018a0c67345f1ea65d7228f6363d5978fbb8a31d333d9581086cddd48e4f7954af955a2290ff1

  • SSDEEP

    49152:OWPKYJVH/aMXKRDD9HkzTnPxQ6kcpTI/+zxqfn8+nFFQCxEsJwKQ5:OGKYJVH/aMXKRDD9HkzTPxQ6tzxqf8+W

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.117.90.36:443

193.42.36.59:443

193.56.146.53:443

185.106.123.228:443

Attributes
  • embedded_hash

    07284E2A3AB3C2E1FFFBD425849BE150

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot Loader Component (1 IoC)
  • Danabot family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 2736-4-0x0000000001EA0000-0x0000000002094000-memory.dmp
    .dll windows:5 windows x86 arch:x86

