General

  • Target

    8d27327304ac16011b1d62d136213fbe_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240402-p553rsad3w

  • MD5

    8d27327304ac16011b1d62d136213fbe

  • SHA1

    f17d0c94577ef25fa92ccbfd998103f4d22d1d17

  • SHA256

    2815aa497d50f42209162c298d40e32110ade6ec567b7c709d3bb52c6b3049b6

  • SHA512

    2db63ccd13fa93580ae61d43969d91b23800f6b3188f5fdb71f3b2cbe63626a41c2b9e5c15d7349823fa0409614b31f5af9e9f97c4072230ead50c5cc143ee3e

  • SSDEEP

    24576:zY4X+ecDqs8tQ0a3AM1l/9xh4TNRV8/V52WaVy:zY4OeWP8UQM1l/V4TNRm/V52

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes

  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
