General

  • Target

    JaffaCakes118_65d55a4c25d6c1bde35b3d299ab1779787db5e39bfbce51dde7cc0479fc532ce

  • Size

    1.3MB

  • Sample

    241224-sy682a1kgl

  • MD5

    c73dbd6b95f1f8dceee264ed06cc5afa

  • SHA1

    51efc83eacd385fc7f74ad84147bcd1bee1b3a70

  • SHA256

    65d55a4c25d6c1bde35b3d299ab1779787db5e39bfbce51dde7cc0479fc532ce

  • SHA512

    dac2db6c5a9d838dc6903e3a442047e40e72a283591dd6336f84df0fed08363623b1e80b6c0816578b460267d8965b9b9267b0ee7316d68e06fb999ae584e376

  • SSDEEP

    24576:UhsPk6ZTjhq1goar8z3mODuxBILKxv3U3INcH/YAp6pUOKaNzp:U+P9Tjhzoaoz5EBILKxvSlp6pUMz

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request
