General

  • Target

    c9a440b05ab3e0acc687d1d4414d068d_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240405-d3x4laba91

  • MD5

    c9a440b05ab3e0acc687d1d4414d068d

  • SHA1

    7f175c9756fb3ea1751f16a94ab00cb4602e6cee

  • SHA256

    29c3c028441946cc1790e63882fc638594de44704073914d1ae4456dee4b131e

  • SHA512

    beb55cd5495f7187d708c45144eaeb16390c1a503cdfb96e32418f8f93467eed2aacdc3a9712adf8b14872a141b93f1e5b473ebb405618b91c8d8549ac8ac5e9

  • SSDEEP

    24576:v/80Apxpo2ctW1CBOjwlrjQQYLyW6goqia:XMXpo2SBBmwJLyago

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443

Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain
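The extracted C2 list and the file digests above are only useful once they are in a form that can be checked against traffic and files. The following is an added example, not part of the sandbox report: it parses the config block as printed, emits one Suricata rule per endpoint (the sid range starting at 1000001 is an arbitrary local choice), scans Zeek conn.log-style records for connections to the listed addresses, and compares a file's digests with the reported ones. The conn.log lines and the bytes hashed at the end are constructed for illustration; the config text and digests are copied from the report.

```python
"""Danabot IOC checks built from the config extracted in the report above.

Added example, not part of the sandbox report. The config text and the
hashes are copied from the report; the conn.log lines and the bytes
hashed at the bottom are constructed for illustration.
"""
import hashlib
import re

CONFIG_TEXT = """
Family
danabot
Botnet
4
C2
192.119.110.73:443
192.236.147.159:443
192.210.222.88:443
"""

# Digests the sandbox reported for the sample.
REPORTED_HASHES = {
    "md5": "c9a440b05ab3e0acc687d1d4414d068d",
    "sha1": "7f175c9756fb3ea1751f16a94ab00cb4602e6cee",
    "sha256": "29c3c028441946cc1790e63882fc638594de44704073914d1ae4456dee4b131e",
}

C2_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})$")


def parse_c2(config_text):
    """Return the set of (ip, port) endpoints listed under the C2 key."""
    endpoints = set()
    in_c2 = False
    for line in config_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line == "C2":
            in_c2 = True
            continue
        m = C2_RE.match(line)
        if in_c2 and m:
            endpoints.add((m.group(1), int(m.group(2))))
        elif in_c2:
            in_c2 = False  # a new key started; stop collecting
    return endpoints


def suricata_rules(endpoints, base_sid=1000001):
    """Emit one Suricata rule per C2 endpoint (sid range is an arbitrary local choice)."""
    rules = []
    for i, (ip, port) in enumerate(sorted(endpoints)):
        rules.append(
            f"alert tcp $HOME_NET any -> {ip} {port} "
            f'(msg:"Danabot loader C2 {ip}:{port}"; flow:to_server; '
            f"sid:{base_sid + i}; rev:1;)"
        )
    return rules


# Constructed Zeek conn.log-style records:
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
SAMPLE_CONN_LOG = "\n".join([
    "1712300000.123\tC1aaaa\t10.0.0.15\t49731\t192.119.110.73\t443\ttcp",
    "1712300001.456\tC2bbbb\t10.0.0.15\t49732\t142.250.74.78\t443\ttcp",
    "1712300002.789\tC3cccc\t10.0.0.22\t51002\t192.210.222.88\t443\ttcp",
    "1712300003.000\tC4dddd\t10.0.0.22\t51003\t192.236.147.159\t8080\ttcp",
])


def find_c2_connections(conn_log, endpoints):
    """Flag conn.log records whose responder is a known C2.

    'exact' means address and port both match the config; 'ip_only' means
    the address matches on another port, still worth a look since operators
    may move ports without moving hosts.
    """
    c2_ips = {ip for ip, _ in endpoints}
    hits = []
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 7:
            continue
        ts, uid, orig_h, _orig_p, resp_h, resp_p, _proto = fields[:7]
        if (resp_h, int(resp_p)) in endpoints:
            kind = "exact"
        elif resp_h in c2_ips:
            kind = "ip_only"
        else:
            continue
        hits.append({"ts": ts, "uid": uid, "src": orig_h,
                     "c2": f"{resp_h}:{resp_p}", "match": kind})
    return hits


def check_reported_hashes(data):
    """Return, per algorithm, whether the bytes match the sandbox's digests."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {alg: digests[alg] == ref for alg, ref in REPORTED_HASHES.items()}


if __name__ == "__main__":
    c2 = parse_c2(CONFIG_TEXT)
    print("\n".join(suricata_rules(c2)))
    for hit in find_c2_connections(SAMPLE_CONN_LOG, c2):
        print(hit)
    # Constructed placeholder bytes; a real check reads the file under test.
    print(check_reported_hashes(b"not the sample"))
```

The port-agnostic 'ip_only' match is deliberate: the config pins port 443 on all three hosts, but blocking or hunting on the address alone catches a rotated port at the cost of more review work, so the two kinds are reported separately rather than merged.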

Targets

    • Danabot

      Danabot is a modular banking Trojan whose loader component fetches further modules from its C2 servers; it has been observed both delivered by, and delivering, other malware families.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
