danabot | 62b40c9410bbc2f6b7c1d7d2866ba616452a36ecb16673e6a41ec5a012262648 | Triage

Sharing

General

Target

2248-324-0x00000000021D0000-0x000000000243B000-memory.dmp
Size

2.4MB
Sample

250325-ttqwxsywfv
MD5

67680492a466967bc97257b2b4dcf4f6
SHA1

fc1582552cb3910507016ed2ffd840b56a0d2e46
SHA256

62b40c9410bbc2f6b7c1d7d2866ba616452a36ecb16673e6a41ec5a012262648
SHA512

6c0177f96c2daa3dba48ace0bdcc95048b2f83e1c88f9401e2c3c51a944c45b32ca441ea03b922f33de0315efd47cac7e31b081a4c02d3f81f4b3385df15ac73
SSDEEP

49152:WHMvfBaEea526oSp4Yl9jtixmXo7I3fOi:WMh5oYlHiIok3mi

Score

10^/10

danabot botnet discovery

Malware Config

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Targets

- Target
  
  2248-324-0x00000000021D0000-0x000000000243B000-memory.dmp
- Size
  
  2.4MB
- MD5
  
  67680492a466967bc97257b2b4dcf4f6
- SHA1
  
  fc1582552cb3910507016ed2ffd840b56a0d2e46
- SHA256
  
  62b40c9410bbc2f6b7c1d7d2866ba616452a36ecb16673e6a41ec5a012262648
- SHA512
  
  6c0177f96c2daa3dba48ace0bdcc95048b2f83e1c88f9401e2c3c51a944c45b32ca441ea03b922f33de0315efd47cac7e31b081a4c02d3f81f4b3385df15ac73
- SSDEEP
  
  49152:WHMvfBaEea526oSp4Yl9jtixmXo7I3fOi:WMh5oYlHiIok3mi
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2