General

  • Target

    JaffaCakes118_5e056d6acc82cf88bd815a6d5bfd9e68e1fc39b40be527bd49f98a35603e78dc

  • Size

    2.3MB

  • Sample

    241224-z3xnqaxnbz

  • MD5

    eff406e8d2e15ea1584522b8a45318d4

  • SHA1

    2dd62d8816da6ce0f0f162e7b7512dfcf942af50

  • SHA256

    5e056d6acc82cf88bd815a6d5bfd9e68e1fc39b40be527bd49f98a35603e78dc

  • SHA512

    b3cc0b141d0ce23ef0772d1fdb3f15d33a827eddb797ac36d03d9762b2bdea31f44d5d013e181673769492cca7b05383554ebc52a4e8b5dca3158712094717df

  • SSDEEP

    49152:JPLINXLva+kNJ3I2F5PwPVdEJaOk0AUMVRrmKLoa/cmKQ:J8NXLva+CFmPQUZ0/M3rmUoa

Malware Config

Extracted

Family

danabot

C2

153.92.223.225:443

185.62.56.245:443

198.15.112.179:443

Attributes
  • embedded_hash

    5B850BFD39D47030C0AAC0024D43ABEA

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request

    • Loads dropped DLL
