General

  • Target

    b2320949524098f6c6a83c7a6c4a3c25_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240404-h66x5ahb91

  • MD5

    b2320949524098f6c6a83c7a6c4a3c25

  • SHA1

    943deb9b0f11bbd3c6809880894f76b1ca4439e3

  • SHA256

    eb90b464ca157e8fa10f633d5a8eb2fc61b0b2ac415fc591bcdebadc64d807ee

  • SHA512

    06a2bd45a1a1244aa29d0529b4dbdce63f50556df356e8341cbeaaceb840741fe8813fa5d41df9c0e640de883d84c478a85de5daf948574c300022de5c872132

  • SSDEEP

    24576:fK9+03LEh3HqZ7ubCrUwVfLXbLPauq4zElb9KgkVPJiZ5lDF32LrRGVPe8:QFL+qumYojbLPau7zEl4gcQlD95

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      b2320949524098f6c6a83c7a6c4a3c25_JaffaCakes118

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Loads dropped DLL
