General

  • Target

    0x0009000000012266-11.dat

  • Size

    1.3MB

  • Sample

    250209-szh8lavpgp

  • MD5

    506620e40b76249821ec15895f5a7916

  • SHA1

    c988fc38bcd21bb2e75db9362d8800b20d5d2f27

  • SHA256

    f98d18b321524bb09b2fd4436bbe0cb5a7ab628a84b18978fdfa5cc7e398b545

  • SHA512

    8910e2434c1f1101b42e03a0231270fcfc36f0eda6b4ee6a8b83268c49c3f2bf09e6555e3501bb46be67e6b4b6f776f0d007a402734207d1d2384c853d2a7d30

  • SSDEEP

    24576:L8FGeruL1+ezun8kGrmlq04EvGfoKFoPeZtTvl+kYtjY:QxbnOfoK1DT3ic

Malware Config

Extracted

Family

danabot

Botnet

5

C2

192.210.222.81:443

5.9.224.204:443

192.255.166.212:443

Attributes
  • embedded_hash

    100700D372965A717E89B8C909E1D8D4

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      0x0009000000012266-11.dat

    • Size

      1.3MB

    • MD5

      506620e40b76249821ec15895f5a7916

    • SHA1

      c988fc38bcd21bb2e75db9362d8800b20d5d2f27

    • SHA256

      f98d18b321524bb09b2fd4436bbe0cb5a7ab628a84b18978fdfa5cc7e398b545

    • SHA512

      8910e2434c1f1101b42e03a0231270fcfc36f0eda6b4ee6a8b83268c49c3f2bf09e6555e3501bb46be67e6b4b6f776f0d007a402734207d1d2384c853d2a7d30

    • SSDEEP

      24576:L8FGeruL1+ezun8kGrmlq04EvGfoKFoPeZtTvl+kYtjY:QxbnOfoK1DT3ic

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request

    • Downloads MZ/PE file

MITRE ATT&CK Enterprise v15

Tasks