General

  • Target

    JaffaCakes118_ed3986685132335d9f563db0349f743808626331bdcbd64d915214612840bfcc

  • Size

    1.4MB

  • Sample

    241224-c1kj2szldl

  • MD5

    8a0e6424bd0cb2b611055dbcd4dc4d6d

  • SHA1

    61e0f648dec0053d023dbfeaf45cb99086809124

  • SHA256

    ed3986685132335d9f563db0349f743808626331bdcbd64d915214612840bfcc

  • SHA512

    618594997b2e7268a03847a265de44c1246fdc7ab1a7c9a227cf736fcd135ec1949f1f2d53fec6ff04a14bbc9181445e20491dbd9e5f67dae695d2f1bb0e3a68

  • SSDEEP

    24576:Vn1alEjk+odRHc6UDuGZzjtE68lmiGtpfWHg2mWJztt+R+LteieKDRqHquI3uy4:VnY6NUMXZzR7L+AlWJpt+Y/ewyn

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request
