General

  • Target

    DanaBot.dll

  • Size

    2.4MB

  • Sample

    250423-vsemyaxrz7

  • MD5

    7e76f7a5c55a5bc5f5e2d7a9e886782b

  • SHA1

    fc500153dba682e53776bef53123086f00c0e041

  • SHA256

    abd75572f897cdda88cec22922d15b509ee8c840fa5894b0aecbef6de23908a3

  • SHA512

    0318e0040f4dbf954f27fb10a69bce2248e785a31d855615a1eaf303a772ad51d47906a113605d7bfd3c2b2265bf83c61538f78b071f85ee3c4948f5cde3fb24

  • SSDEEP

    24576:nqUec48KhhW1bCYo9mvn9YDq+0aM+MqYrtaBwSbx3jMUAlZSVV4VHa4k3NkZED99:nYmFyqi4aeSN3oRlZyAKSo7I3fOic

Malware Config

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Targets

    • Target

      DanaBot.dll

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request
