General

  • Target

    JaffaCakes118_9eebce8383071dd565ccd67a626cd0809ef9928af7555c610d979cc4d52eaf0f

  • Size

    2.3MB

  • Sample

    241224-zv82saxmhk

  • MD5

    881a3bb370849ebfc0381b310a15c12b

  • SHA1

    fed883de3633310e643ff878e4576f4ca23c979f

  • SHA256

    9eebce8383071dd565ccd67a626cd0809ef9928af7555c610d979cc4d52eaf0f

  • SHA512

    52772a4e5a1b0b6e838aa79f45fd1c62f0ae78807e033ee448b17fdc3bf639526ddda066363e362455da1eb2e9aa117ce55db58ca7f6ed7003f0997ff4b9bd54

  • SSDEEP

    49152:HBunMOW4JRYIgw9u6KqjsX/rjhiDJVxD1E2HgCcz45PZy+dbQm:hunMO5YInurqjsHgVxSZz45PZyhm

Malware Config

Extracted

Family

danabot

C2

153.92.223.225:443

185.62.56.245:443

198.15.112.179:443

Attributes
  • embedded_hash

    5B850BFD39D47030C0AAC0024D43ABEA

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request

    • Loads dropped DLL
