General

  • Target

    d8aef78a0869870337b9ed92585036dd_JaffaCakes118

  • Size

    279KB

  • Sample

    240910-vwq55svfmn

  • MD5

    d8aef78a0869870337b9ed92585036dd

  • SHA1

    4b7e17e96d68f0e037ba8de3f86c16f35bc1976f

  • SHA256

    ca9dba2d80d8041fafc649daa99d1152d66114316faf3578bddf301e80cf4889

  • SHA512

    1b39dc53d4789bab61c5216f4c7e63e91be1204a1637df2ecd871d1cedef4f0d8594261964207a1f9bf5f33ce52189e196a395f12bdf689f52d88528c965c6e4

  • SSDEEP

    6144:5LhmVMbSmN9lgQWVCI0xufX7le/QJwaf9u3CUITMRvvBsrye1SMLL:5diMbflg6xuzo8PeHOrf3LL

Malware Config

Extracted

Family

danabot

C2


rsa_pubkey.plain

Targets

    • Target

      222_737_810112.vbs

    • Size

      1.3MB

    • MD5

      b438c934bee7b8342d19839c12cdac9b

    • SHA1

      63dd9fb69dc0cbb2af9a30bf79d6c7fbcc63068a

    • SHA256

      0113aad7c31e7c6fcef100c44e8a1f1fc0616ff0dd948915405ba9e0d697ac9c

    • SHA512

      8e50ae6f35bd56350f682b5a5291e5fa01f52cff408de66364159b4ef12ca146bc52b837753cf8e9d9e5ab312e16b99c3c9e220944b57569e4d23322721f749e

    • SSDEEP

      12288:Negy6Cy/jr3nx6aITPYnAqYmjMaS3QwIdqEXJZRGK5ReKRWFlxEXNUbKCDo/LqPk:Negy49L6b70d

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks