General

  • Target

    fdc145d46403a4ab4f3c271038e9b71a_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240420-12c4csbb79

  • MD5

    fdc145d46403a4ab4f3c271038e9b71a

  • SHA1

    265116608b06a2926e54c76044a78493e81ba5dc

  • SHA256

    40620ee4884dd5f585c7d8286bda375535af329154ec44e5826ac84e9716156e

  • SHA512

    60f08391a725392538870559550118c5eea0b3b871052e0dae3b95e9f592e595a1c6b054b72def306ce6ea907dcb86ede04b7e6e0c0b4d356e085bc192c19ff2

  • SSDEEP

    24576:lcF2L9dT0secg4cOeMDBj2Zsrm0Ty0zjPTzK:GyjFjMTe3Tu

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.242.31:443

192.119.110.73:443

192.210.222.88:443

Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      fdc145d46403a4ab4f3c271038e9b71a_JaffaCakes118

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Blocklisted process makes network request
