General

  • Target

    a75f0ee7a2d908811e20d66b2bb8f7849676901e6448ad4f12b2a7b299fd006f.dll

  • Size

    1.9MB

  • Sample

    241120-dpnyrszfqm

  • MD5

    32bd6ec36e8382ea9a0c11e2b2b71bba

  • SHA1

    066b600eeeb3ebfe3a6bb2f1baee688ebe4ff5ab

  • SHA256

    a75f0ee7a2d908811e20d66b2bb8f7849676901e6448ad4f12b2a7b299fd006f

  • SHA512

    813815627d4b5d3999cb65e37cadb41348a723c64a44e08393442e16c0f5c9f194cdcc49e173da2b7192a05b0f6a874f80885ad937016a84f6e6a9bb671396fa

  • SSDEEP

    49152:hQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4BAenqfn8+nFFQCxEsJwKQY:hfaNQh+NUABO/c0Y9Adlnqf8+gqJW

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.117.90.36:443

193.42.36.59:443

193.56.146.53:443

185.106.123.228:443

Attributes
  • embedded_hash

    07284E2A3AB3C2E1FFFBD425849BE150

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      a75f0ee7a2d908811e20d66b2bb8f7849676901e6448ad4f12b2a7b299fd006f.dll

    • Size

      1.9MB

    • MD5

      32bd6ec36e8382ea9a0c11e2b2b71bba

    • SHA1

      066b600eeeb3ebfe3a6bb2f1baee688ebe4ff5ab

    • SHA256

      a75f0ee7a2d908811e20d66b2bb8f7849676901e6448ad4f12b2a7b299fd006f

    • SHA512

      813815627d4b5d3999cb65e37cadb41348a723c64a44e08393442e16c0f5c9f194cdcc49e173da2b7192a05b0f6a874f80885ad937016a84f6e6a9bb671396fa

    • SSDEEP

      49152:hQU1aLhQhG5NUAgoOa8nBc0SmmdWwMLwktw4BAenqfn8+nFFQCxEsJwKQY:hfaNQh+NUABO/c0Y9Adlnqf8+gqJW

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks