Overview

overview

10

Static

static

3

7efdce6925...18.exe

windows7-x64

10

7efdce6925...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7efdce6925f9d0a47262bf6909dee878_JaffaCakes118

  • Size

    847KB

  • Sample

    240529-a82gesbe5z

  • MD5

    7efdce6925f9d0a47262bf6909dee878

  • SHA1

    c2675a34536fbb0e637b3b63ca5671f93a7f9484

  • SHA256

    0a38204354bdd03ca06520f5482cc057a926eef96944a2a179c370b9f64f4842

  • SHA512

    7f5ac9a34891642b056cd37c0f54c3cc86caab581df6a4d62d1279efe38449b0bc63bbd305eecaf382fadba7022c6791293711ec9855920dbf82a0a07347a80d

  • SSDEEP

    24576:WbTUojyk1O/sDcxLx+gGBWDvKe0VR7Ev3b7YpQKZ445fm:gy7Gs78V9Ev3fYpvf

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

58.58.210.181

222.175.52.161

149.53.185.172

81.63.70.192

195.123.246.209

149.154.159.213

2.255.189.191

187.198.70.207

139.113.48.33

244.28.200.120
rsa_pubkey.plain

Targets

    • Target

      7efdce6925f9d0a47262bf6909dee878_JaffaCakes118

    • Size

      847KB

    • MD5

      7efdce6925f9d0a47262bf6909dee878

    • SHA1

      c2675a34536fbb0e637b3b63ca5671f93a7f9484

    • SHA256

      0a38204354bdd03ca06520f5482cc057a926eef96944a2a179c370b9f64f4842

    • SHA512

      7f5ac9a34891642b056cd37c0f54c3cc86caab581df6a4d62d1279efe38449b0bc63bbd305eecaf382fadba7022c6791293711ec9855920dbf82a0a07347a80d

    • SSDEEP

      24576:WbTUojyk1O/sDcxLx+gGBWDvKe0VR7Ev3b7YpQKZ445fm:gy7Gs78V9Ev3fYpvf

    Score
    10/10
    danabotbankerbotnettrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks