General

  • Target

    JaffaCakes118_e42d027d3feab7c60f639e3c4258a0bb6eb9b7d060c8ed91b6e0ee7370c2844d

  • Size

    1.3MB

  • Sample

    241223-v8bwzswmfx

  • MD5

    fa0e4032313c5c0e5f5eefa0496f628e

  • SHA1

    e67ad1aa6b7e7d4500a57b5e552d4c62402f3283

  • SHA256

    e42d027d3feab7c60f639e3c4258a0bb6eb9b7d060c8ed91b6e0ee7370c2844d

  • SHA512

    c49c94b54d8f9960d0ab661024f72b286c0bc5429c0dcaba8593fc4a9c338ea3686babe51195ed2a9c1e996e9d8569b7ca49391ddea285808169368e6ad16f0e

  • SSDEEP

    24576:nCdMA77jXQDVEX1cJGaH4pRttbk8p6mTIT6n9KZ9AsOwmiQiVxikDGt:nCdhwx61E0zY8pAO9MZQii2+

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request

Tasks