General

  • Target

    1bb79932aad07fb2284cf0715b179a6a662879a13b82e01bdf815447c7835d91

  • Size

    3.7MB

  • Sample

    250603-jattcszsav

  • MD5

    ab7a79ae226b7977f6b58a9167dd9f7d

  • SHA1

    170f15b983fd5e84609fd618083d755ff556eabd

  • SHA256

    1bb79932aad07fb2284cf0715b179a6a662879a13b82e01bdf815447c7835d91

  • SHA512

    77a6394916236ba01188fbc8325595975695209fd487d4d785dee16a97e89e41d01166f2f465517714c91d43f00719751aa1fc4ebdc9701b9f106c2c97a8e4a2

  • SSDEEP

    49152:85cb2rejRgltM93/BFZWjZMroRUSRYNpq1LDDpLd1tdHOTNaW62ZfT:85EnRg7M9vBFZWjZOeDDL1tVZ2f

Malware Config

Extracted

Family

danabot

C2

45.153.241.115:443

172.93.181.217:443

172.93.181.219:443

192.236.192.154:443

Attributes
  • embedded_hash

    E91E701C5196B30913375191EC27E0B2

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v16

Tasks