General

  • Target

    JaffaCakes118_b3c8bd4ff52bf4e67b885fc0516d1fd628fdbb2857a57216de877eacd1ffab56

  • Size

    2.7MB

  • MD5

    5386ac638249fbd773f6430a06cc81a4

  • SHA1

    03335c6a7d553ad3f64d0d8a32775841b354c3e7

  • SHA256

    b3c8bd4ff52bf4e67b885fc0516d1fd628fdbb2857a57216de877eacd1ffab56

  • SHA512

    e2040310af4429caf36a2fc0f50cbc561f63f6e1c743fd00e1b3cbc5f84950c264afe1d8d36c1087a9a21bd87069b3e2da2bfac8de7ad02fe8acf38d9f02fe78

  • SSDEEP

    49152:QHwkibDQhlCbX1dEvZEEWM3q5Lt5lc3rS4FrC9Y9mPDW5E2C/vmD00Kcl+tcW4:QHCA/CbX1BEWM3qjqxrC9cEW5OG00iti

Score
10/10

Malware Config

Extracted

Family

danabot

Version

1827

Botnet

3

C2

192.210.198.12:443

23.106.123.185:443

192.236.147.83:443

23.106.123.141:443

Attributes
  • embedded_hash

    AEF96B4D339B580ABB737F203C2D0F52

  • type

    main

rsa_pubkey.plain
rsa_pubkey.plain

Signatures

  • Danabot family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • JaffaCakes118_b3c8bd4ff52bf4e67b885fc0516d1fd628fdbb2857a57216de877eacd1ffab56
    .zip

    Password: infected

  • 0abcf1b50c908693dc1f5e38e0ea4b00e6b4a6bb77dde445c60d4fe5d5697d1a
    .dll windows:5 windows x86 arch:x86

    f0f473e3486573f3ccf849ffec21164f


    Headers

    Imports

    Exports

    Sections