General

  • Target

    1844e58db80a6d918498c75055a0bbbb9cfcae4025bba1eb5e66a6e5a89b338a

  • Size

    1004KB

  • Sample

    250110-zf2ddsypbj

  • MD5

    c1fc6c8b35b760999cdf974650f88d4b

  • SHA1

    1aa07dc82486cbe7cc3f3dcced293777c52760b3

  • SHA256

    1844e58db80a6d918498c75055a0bbbb9cfcae4025bba1eb5e66a6e5a89b338a

  • SHA512

    3f3d81f46933392f366d4631162670fdb64c0878b3d3d3ad8a8177fe389adbd27206123e9af5482b1ea89334ae1bf0abf4b05ab7ad11ac1c804d19d554693928

  • SSDEEP

    24576:fzsfonAloSygn50/3NgCHF4Su3Cx/YMvDql:fogAyRRTui/No

Malware Config

Extracted

Family

danabot

C2

rsa_pubkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks