General

  • Target

    f7df6fd0c5a03d2bf1f08a4398b38ca1_JaffaCakes118

  • Size

    279KB

  • Sample

    241216-h1vynszlfw

  • MD5

    f7df6fd0c5a03d2bf1f08a4398b38ca1

  • SHA1

    df3f34e852fab5bdc486c19b38cb708541290c68

  • SHA256

    3f36f1bc475cbafdcb6c159f4cb42b9ace4a4321c702fc4f21f179a12be48bd3

  • SHA512

    b3d66a4180718b7ed054e66c76d70c0459df1cee88929fffd1da09dd57e1cd005d8aae2181edf5093024f0b15e4d35bbd2869387d9dfdc419527b5024f69b7ae

  • SSDEEP

    6144:SLhmVMbSmN9lgQWVCI0xufX7le/QJwaf9u3CUITMRvvBsr1tJvopyz9x/V:SdiMbflg6xuzo8PeHOr1tipyzr9

Malware Config

Extracted

Family

danabot

C2

1.5.78.29

71.61.197.13

128.43.39.106

68.164.114.181

243.7.235.34

185.92.222.238

192.71.249.51

42.180.72.123

159.159.89.172

135.231.151.187

rsa_pubkey.plain

Targets

    • Target

      222_737_810161.vbs

    • Size

      1.3MB

    • MD5

      d7100ddc69989fb142f98fff02c6508f

    • SHA1

      29bb5a48a3bb63452b37bf3c2e4acfcae929a975

    • SHA256

      bb0f5392216d97c801dce3d5e18299608bfbaa344063f55a8ef84c40f3002c4f

    • SHA512

      49dee4b048c0515ed1a98adcfab98f1d188da1da2d7cbf8627786e5604e01a0b4500a203a9803e2be81fc7766b4b47870fb9f5fca6ae2a6485a69b94a6613508

    • SSDEEP

      12288:Negy6Cy/jr3nx6aITPYnAqYmjMaS3QwIdqEXJZRGK5ReKRWFlxEXNUbKCDo/LqPP:Negy49L6bEJS

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Danabot x86 payload

      Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    • Blocklisted process makes network request

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks