General

  • Target

    bc4437545aa1c5bc43af88195b2f0185fc562d47e5a01ff2b9fc3724892afa33N.exe

  • Size

    1.9MB

  • Sample

    241119-q14jtaxdpm

  • MD5

    ba4e81eb335b8fd6fbc859b2422e7240

  • SHA1

    2ea0a8374e44356add8a05f9c7ed0e43905971f1

  • SHA256

    bc4437545aa1c5bc43af88195b2f0185fc562d47e5a01ff2b9fc3724892afa33

  • SHA512

    f55491a30c611c97bdc7a3a073ac26c07ddccab5e4163e41519eea4d67b6f7c51aa6636b55889ffaa9a624936ee2055ca082685d21190cabba6163c72dcdc7a1

  • SSDEEP

    49152:fQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4Bvegqfn8+nFFQCxEsJwKQh:ffaNQh+NUABO/c0Y9Adkgqf8+gqJW

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.117.90.36:443

193.42.36.59:443

193.56.146.53:443

185.106.123.228:443

Attributes
  • embedded_hash

    07284E2A3AB3C2E1FFFBD425849BE150

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      bc4437545aa1c5bc43af88195b2f0185fc562d47e5a01ff2b9fc3724892afa33N.exe

    • Size

      1.9MB

    • MD5

      ba4e81eb335b8fd6fbc859b2422e7240

    • SHA1

      2ea0a8374e44356add8a05f9c7ed0e43905971f1

    • SHA256

      bc4437545aa1c5bc43af88195b2f0185fc562d47e5a01ff2b9fc3724892afa33

    • SHA512

      f55491a30c611c97bdc7a3a073ac26c07ddccab5e4163e41519eea4d67b6f7c51aa6636b55889ffaa9a624936ee2055ca082685d21190cabba6163c72dcdc7a1

    • SSDEEP

      49152:fQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4Bvegqfn8+nFFQCxEsJwKQh:ffaNQh+NUABO/c0Y9Adkgqf8+gqJW

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks