General

  • Target

    a2602db74991cc82d39a84ca9459a988_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240403-v7465sgd58

  • MD5

    a2602db74991cc82d39a84ca9459a988

  • SHA1

    6465170dde69a1019768f91ca66c2eb70db11e0e

  • SHA256

    ebce9843b6f8483818e08e94b5c2ddee05f9ee325a7b7b4fb1bb66a797e97b1c

  • SHA512

    a63aead9f430577090255ef3f0bdd03781675bf4c2783a53154f4338e0595c0a67dd96bcd675a46c282444e5662cbd531e0d710beb7487ecc8273a9e56f5f428

  • SSDEEP

    24576:aDPPGsLmRUSTuUqbMknnTK/drRsJfeTI+IpbNm7BPAyEHE3wvK9n+nnkDK:OPuUpnTK/drRwfblbNmuyqK

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

Targets

    • Target

      a2602db74991cc82d39a84ca9459a988_JaffaCakes118

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
