General
-
Target
f70af025548df40e384bc4bac11d78f5_JaffaCakes118
-
Size
279KB
-
Sample
240418-ce4qsshc9s
-
MD5
f70af025548df40e384bc4bac11d78f5
-
SHA1
8339970fc6324ffa1486823e20d036ec03cd8f4f
-
SHA256
6c569d751bad1c483e441d11fddd7163682835c963834014bc22481a7abe1163
-
SHA512
58c3b847e6a795d87677af652e92d9d0d6eda96a66ba2dcc3296d64ee6f9f03f4ab92285cdc3d5a7531fc857bc3a334b8fe7f6db3ee233bd1880fe86cea03c77
-
SSDEEP
6144:EzmY9buUTnXQpisZuBuQO4jg4w/gI6yhwH8xzO1fFR4FOBTGQ:Ev3Tgpi62uQO4jqgAycx+t1Bd
Malware Config
Extracted
danabot
17.87.135.29
178.209.51.211
92.19.7.22
192.71.249.51
125.204.180.169
182.91.160.38
35.132.27.153
11.32.49.47
50.64.117.111
121.215.98.191
Targets
-
-
Target
DHL_06052019_00330134265324053041.vbs
-
Size
1.5MB
-
MD5
92ecf80bc725fa74181d95ac0838e868
-
SHA1
7f799efa6d6cb3cfe194d5ca6b046839bf5f2a14
-
SHA256
d0d6b5440599fb7f047c0f2c933f2291c308d8c755d03d50097d7509005898f0
-
SHA512
9e00078a0e70f5f7bf5042d9ca3639facc495e8337a05912b0c10ab0b9d6bc7efcd8fcde7f9a313f833f71593eadab642211403449558e0027d52695ef8754ce
-
SSDEEP
3072:bEBy+XzeuINWCVuvRNZ0/8eywuFgT1Nk0g4gvVuctC76l/ahL/rk1yuJaXXn/kd3:WUIPbDXs10xh
Score10/10-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-