General

  • Target

    0ca343879edb2e360c978bc6e836ea60aa4388deac71bd05770b008faa08ca11.dll

  • Size

    1.9MB

  • Sample

    241120-cjbktasqdr

  • MD5

    12a52c8f881c9e9564d54862ab4e1d63

  • SHA1

    09571f682a5713717c0e900afce06110747e6f01

  • SHA256

    0ca343879edb2e360c978bc6e836ea60aa4388deac71bd05770b008faa08ca11

  • SHA512

    b9e747492da2591c811915adc3eb9de97abcc5560fd071043407e9da3c3c6d551c031bf9ce958012bcbc909342b4c799e5c1a5eae94c49ab1f5fb3ae207d519a

  • SSDEEP

    49152:+QU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4BoeGqfn8+nFFQCxEsJwKQv:+faNQh+NUABO/c0Y9Ad1Gqf8+gqJW

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.117.90.36:443

193.42.36.59:443

193.56.146.53:443

185.106.123.228:443

Attributes
  • embedded_hash

    07284E2A3AB3C2E1FFFBD425849BE150

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request
