General

  • Target

    d54a6522937b56fa77add452dbd27dea_JaffaCakes118

  • Size

    2.5MB

  • Sample

    240908-3jm7qa1bqp

  • MD5

    d54a6522937b56fa77add452dbd27dea

  • SHA1

    e9d9278460e89193ba64ea27acd07d19a90161e0

  • SHA256

    a0c89e916208296d51e6dfb7f956ea1749b555e2adb6d1593f141a4debfbc68b

  • SHA512

    aa2303becf1e666d25cac7ef853b6de0f20ca8d390d2006e64a127430640f2803571201b755d476432a4bbe6a61f99e65c7c9bf77f6cab0edb094f85afd67cfc

  • SSDEEP

    24576:Op79nhhd+3NDOtbWuXGHL3CWJ9NSFNX7oskG3aJZ20dIvy0tJT6k:ON9Xd+FoI3lLyNsskJJZK11

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
