Overview

overview

10

Static

static

3

914572ae32...18.exe

windows7-x64

10

914572ae32...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    914572ae32ea3b7fda9860a619373534_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241123-3fhstsylem

  • MD5

    914572ae32ea3b7fda9860a619373534

  • SHA1

    afcd7d7280d9a19e69c056f8699283b4b92e435d

  • SHA256

    fe7ce2b5ac19e2fc93436e1eddab8bc79043c518078559b8f9a2984a601b36cd

  • SHA512

    b732d245509d13d98b23fd0b21878a03a0451db10f22334c2f8fd16f930ed961ae6ae1947a327001d3b4b76cf092a5fb9702df1f596452c9d3affd594d5577d7

  • SSDEEP

    24576:Fmi/0mAnPFpGJD02Ev/J9IMYRys50FCs5p1ISI:96PFpKDKXJeks50FCstIl

Score
10/10
danabot4bankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443
Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      914572ae32ea3b7fda9860a619373534_JaffaCakes118

    • Size

      1.1MB

    • MD5

      914572ae32ea3b7fda9860a619373534

    • SHA1

      afcd7d7280d9a19e69c056f8699283b4b92e435d

    • SHA256

      fe7ce2b5ac19e2fc93436e1eddab8bc79043c518078559b8f9a2984a601b36cd

    • SHA512

      b732d245509d13d98b23fd0b21878a03a0451db10f22334c2f8fd16f930ed961ae6ae1947a327001d3b4b76cf092a5fb9702df1f596452c9d3affd594d5577d7

    • SSDEEP

      24576:Fmi/0mAnPFpGJD02Ev/J9IMYRys50FCs5p1ISI:96PFpKDKXJeks50FCstIl

    Score
    10/10
    danabot4bankerdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot Loader Component

    • Danabot family

      danabot

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks