Overview

overview

10

Static

static

1

222_737_81012.vbs

windows7-x64

10

222_737_81012.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c2d580396fba6658e64244554c8fb20_JaffaCakes118

  • Size

    313KB

  • Sample

    240610-2kvshstgln

  • MD5

    9c2d580396fba6658e64244554c8fb20

  • SHA1

    6bbc2c889346a9aa0eeceeefbc46a94fed4ec753

  • SHA256

    7007dec4ec2161c678290c824884e5efad2c665973d275c1c7fb41e08b4a990b

  • SHA512

    927567ce9b3346ec6a4d6a4ffca778a98b7f04d1b0dee5f8d2662b5faa632aa482337e456e088c38ed7ca0d587f5ddbdff582e4b29ab0307fcd89c775f979283

  • SSDEEP

    6144:VLhmVMbSmN9lgQWVCI0xufX7le/QJwaf9u3CUITMRvvBsrqYfh3C7lyX7:VdiMbflg6xuzo8PeHOrqY47lyX7

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

1.5.78.29

71.61.197.13

128.43.39.106

68.164.114.181

243.7.235.34

185.92.222.238

192.71.249.51

42.180.72.123

159.159.89.172

135.231.151.187
rsa_pubkey.plain

Targets

    • Target

      222_737_81012.vbs

    • Size

      1.4MB

    • MD5

      a2cc4f4bcdae552283245eef031e6a76

    • SHA1

      2c352ebeb6d6d297c897ea4b6a4699aeae305b77

    • SHA256

      94137a6f7898f6f99a2f296690c447c2c3f5faad004cc180f40269dacbced23e

    • SHA512

      6312c0e2b163182b00417d48f291954b39be09fe04570e2c08fe8b00481b24c4815ef8852c8a92ef825e5444fe6511c3b9beeaa9601dfaa0cb238e09cb29ed26

    • SSDEEP

      12288:Negy6Cy/jr3nx6aITPYnAqYmjMaS3QwIdqEXJZRGK5ReKRWFlxEXNUbKCDo/LqPx:Negy49L6btb

    Score
    10/10
    danabotbankerbotnettrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

      botnet

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks