General

  • Target

    aec649263ab61c7accc8ef33c19121d8_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241129-ell6fazmeq

  • MD5

    aec649263ab61c7accc8ef33c19121d8

  • SHA1

    3d70bc54de8f70fe7d65abc5f77002882fc19518

  • SHA256

    e56e3c5fe0748fa4c1982063ad9d2eb2942fe828f2d102839e32ad3b8b74d513

  • SHA512

    3411961b475d4071b9b7677e3e69412af4537ab9ff718ef5057131994a3095f9968ba0d957c9db5b6295b0ba86524a6288ed57925dba4ec225715597da2bd984

  • SSDEEP

    24576:EXg9pMv0by9r9ldv/XKdQ6GXIUYpj0BQybMcOd0I2Yev9LAsI:TA02V9vqQDupj0QcPI2Yev9C

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.124:443

142.11.206.50:443

Attributes
  • embedded_hash

    6AD9FE4F9E491E785665E0D144F61DAB

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • Danabot family

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15
