General

  • Target

    JaffaCakes118_155b69d0734426dc804a8596d9f3e45da629f6e2fd040c177235547dc1b9db62

  • Size

    2.3MB

  • Sample

    241223-rhwa6a1qhs

  • MD5

    dfb0e0592d6c8dc938af4995ccb4a37b

  • SHA1

    76fa2a835feae7216337aafb0424121441bb0fd2

  • SHA256

    155b69d0734426dc804a8596d9f3e45da629f6e2fd040c177235547dc1b9db62

  • SHA512

    d6947255c21347c34933e7b988a214ef00879d642cbea1396e6d0f772d4744e4a45e0f49d515f84c2cccabedf8e5ebe180d44ce3521f474efc0a3c2a409af6b7

  • SSDEEP

    49152:HrPQpGqdb10mMVVrYKIoc6UzA0dchX0f93T0I52e5DI68fjNme4HPqw:UGqd3ic1A0CqQI57I6Oke4v

Malware Config

Extracted

Family

danabot

C2

153.92.223.225:443

185.62.56.245:443

198.15.112.179:443

Attributes
  • embedded_hash

    5B850BFD39D47030C0AAC0024D43ABEA

  • type

    loader

Targets

    • Target

      JaffaCakes118_155b69d0734426dc804a8596d9f3e45da629f6e2fd040c177235547dc1b9db62

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request

    • Loads dropped DLL
