Overview

overview

10

Static

static

1

CRA_INV_20...18.vbs

windows7-x64

10

CRA_INV_20...18.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    94f0e30a7d10fb1b21f63b28c18e858b_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240604-qaf1tshb46

  • MD5

    94f0e30a7d10fb1b21f63b28c18e858b

  • SHA1

    7e141942d1df59ebcf62a641de2db15408f04235

  • SHA256

    56e5141838117a72da51f61f1e3e83b23ac9ba26afb3bd712ebb55fff6482efb

  • SHA512

    c06fe501053a3dbb82e07712367f8abc40b15a06ccb9178fc65e975877ee05a368303ec623f82aaf186aadeb33d94ae48a5d7d9a92f3936bc358f97f7b1bcd3c

  • SSDEEP

    49152:tq14UD2ZVX8Z/3lZnHhJ4xRRQxnmicOjrjlJQlX/Jcv:w1yVwrHCwnm9Ojb2u

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

181.63.44.194

207.148.83.108

45.77.40.71

87.115.138.169

24.229.48.7

116.111.206.27

45.196.143.203

218.65.3.199

131.59.110.186

113.81.97.96
rsa_pubkey.plain

Targets

    • Target

      CRA_INV_2019_552913887418/CRA_INV_2019_552913887418.vbs

    • Size

      24.2MB

    • MD5

      3818ef620d826c62136f450c32429ae5

    • SHA1

      1297b772ec42586ce1c6db624e8948cbe265710d

    • SHA256

      38c668144becb1199196394ad78df6694c86597a283aea61bd036dc1da2eef62

    • SHA512

      9789441d9a76f62213ce9889422241c6732ec21ab4ddfff4b596136d327d393c03f8c2f0973b07fd88c7d21c1149d1418d3c153b6b802562ad4b9035ebe78c00

    • SSDEEP

      6144:Xuqc48TgRr+iPNUvl2bXZF3HCqyURNcZV0N5pCO4Mt6pQi:RXr9PNi2bHKPQi

    Score
    10/10
    danabotbankertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks