Overview

overview

10

Static

static

3

fecbacfbd7...18.exe

windows7-x64

10

fecbacfbd7...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fecbacfbd7c6c9637a5c9bdc5101b92c_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240421-jm1sfaeg6z

  • MD5

    fecbacfbd7c6c9637a5c9bdc5101b92c

  • SHA1

    edd422674fb34b625753bf24bebecf052ec175ca

  • SHA256

    9329c623ff64360ce5e887f27e050ff9c73537aca97761da60fd9ded70e9a8c4

  • SHA512

    cb1ca2afc808b6e7ce83eb5017d2ac173334baafabe5e7e27f6cde697b30a50bd5bd88424a05e7a867eb015737b7bd04ef8ab4e0de2134c1cab734cda4ff212f

  • SSDEEP

    24576:RDPvuiFY3TVoqQ1fone333t1sJvOEuTH3uVRnknDr5BPA:BXuiFY3TM80dmbuTH3uOn5BI

Score
10/10
danabot4bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443
Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      fecbacfbd7c6c9637a5c9bdc5101b92c_JaffaCakes118

    • Size

      1.1MB

    • MD5

      fecbacfbd7c6c9637a5c9bdc5101b92c

    • SHA1

      edd422674fb34b625753bf24bebecf052ec175ca

    • SHA256

      9329c623ff64360ce5e887f27e050ff9c73537aca97761da60fd9ded70e9a8c4

    • SHA512

      cb1ca2afc808b6e7ce83eb5017d2ac173334baafabe5e7e27f6cde697b30a50bd5bd88424a05e7a867eb015737b7bd04ef8ab4e0de2134c1cab734cda4ff212f

    • SSDEEP

      24576:RDPvuiFY3TVoqQ1fone333t1sJvOEuTH3uVRnknDr5BPA:BXuiFY3TM80dmbuTH3uOn5BI

    Score
    10/10
    danabot4bankertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot Loader Component

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks