General

  • Target

    c9aa90525dae9738fdd2e72d15fa7533_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240405-d4mz1sbg25

  • MD5

    c9aa90525dae9738fdd2e72d15fa7533

  • SHA1

    0341e47456e2b1f6e59f6e82de18a23d810d6eb1

  • SHA256

    4a22c0f9ba13ab18950c865a0d164a9840359712c76501e5f64f54e740441a79

  • SHA512

    05d89d748bdce04dec6b2297da6837fe119369a21a4c82092e67c624d6581215cdd0585c5b92d7026609a1deda38708c5a49fc13dbed905d38d3f2a718853a84

  • SSDEEP

    24576:8OyyUMxRHOsOWrGiahHi1FQoCdES1othxjl7Y0Art1v4:8OMMxtOs3SHhi3R8ESixjl7Yh

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.73:443

142.11.242.31:443

192.210.222.88:443

Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_privkey.plain

Targets

    • Target

      c9aa90525dae9738fdd2e72d15fa7533_JaffaCakes118

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL
