General
-
Target
df537c8d5df1dc0946f58aec2a3cad5e_JaffaCakes118
-
Size
2.3MB
-
Sample
240914-cyrkksscpr
-
MD5
df537c8d5df1dc0946f58aec2a3cad5e
-
SHA1
fe1eb05c36a79bb69ba2426601fab0551b55cbaf
-
SHA256
4577691a01dbfeeec04082337a20f19b9a330f03bb1332c1f2340dbaf3734c0d
-
SHA512
3fd1159860aa3ab8a60a7cb5433b0b9ef97f9f13828630994023138829e044bb8f9771ee2f11a4dc02bf981a38b2570402b52cb832d408f407b68cc222ce0654
-
SSDEEP
49152:lLLLibBVPtqB2hidjT7jBsry/m8kev18rriaLC6YkqzIyiAbSLRU2bh4xm:lLfiP4BnvBsry/D39ci8QzIyiACzGxm
Static task
static1
Behavioral task
behavioral1
Sample
df537c8d5df1dc0946f58aec2a3cad5e_JaffaCakes118.exe
Resource
win7-20240903-en
Malware Config
Extracted
danabot
89.44.9.132
64.188.23.70
179.43.133.35
45.147.231.218
89.45.4.126
Targets
-
-
Target
df537c8d5df1dc0946f58aec2a3cad5e_JaffaCakes118
-
Danabot x86 payload
Detection of Danabot x86 payload, mapped in memory during the execution of its loader.
-
Blocklisted process makes network request
-
Loads dropped DLL
-