General

  • Target

    JaffaCakes118_d8d6462a7a79df745772e6eedc631854767e28a6ef65d258bb8a59155684d009

  • Size

    1.3MB

  • Sample

    241224-wk44astjbw

  • MD5

    21bc18345ea163fda604fa584873097e

  • SHA1

    e8ee0e1ac915dfa5f3fc313c40681064f75f10a8

  • SHA256

    d8d6462a7a79df745772e6eedc631854767e28a6ef65d258bb8a59155684d009

  • SHA512

    4f728bfa319e1913ee1b120efe11eb4bb697a774b7bb334e09397edc71f94122dcf273e9f65413a47e5963ae5866db5c2f95a4072363fc022f64d47317cc8d08

  • SSDEEP

    24576:4svMRsrAmY8UQgy0naegqno/I4q43rXIx92WpeuUad0WkSBQERJFj:4RRsPY8tZ0nvneI4Rs/xpeuUmK8J

Malware Config

Extracted

Family

danabot

C2

149.3.170.160:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes
  • embedded_hash

    B820721BF2F0118AA5F8723A0AD25E65

  • type

    loader

Targets

    • Target

      JaffaCakes118_d8d6462a7a79df745772e6eedc631854767e28a6ef65d258bb8a59155684d009

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request
