General

  • Target

    JaffaCakes118_c8f6ef5e44f2c9e4a090e781a2240901ef8a305c48cf6dd3f8ab7f6c3233fe2e

  • Size

    1.2MB

  • Sample

    241225-d6s9tawqcv

  • MD5

    2da264809fd8bf18ef7726eb24255eaf

  • SHA1

    732eddd75364c669197a8c4ca30a15890a4554fe

  • SHA256

    c8f6ef5e44f2c9e4a090e781a2240901ef8a305c48cf6dd3f8ab7f6c3233fe2e

  • SHA512

    960a059b2df608012c98648905d258942df3beb7d263b011c336456d3cf9521f8b3d339881f7b6c2aedcf9335dd9eb9634dd9f8c7a31cf056cda42ad8f9862ec

  • SSDEEP

    24576:DJyY7O/RC65uoZldI/6/QmrdkCcM2GRh/Ot6UlYO+FA:DhQRT5uCa6tGQhQOO+F

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      JaffaCakes118_c8f6ef5e44f2c9e4a090e781a2240901ef8a305c48cf6dd3f8ab7f6c3233fe2e

    • Size

      1.2MB

    • MD5

      2da264809fd8bf18ef7726eb24255eaf

    • SHA1

      732eddd75364c669197a8c4ca30a15890a4554fe

    • SHA256

      c8f6ef5e44f2c9e4a090e781a2240901ef8a305c48cf6dd3f8ab7f6c3233fe2e

    • SHA512

      960a059b2df608012c98648905d258942df3beb7d263b011c336456d3cf9521f8b3d339881f7b6c2aedcf9335dd9eb9634dd9f8c7a31cf056cda42ad8f9862ec

    • SSDEEP

      24576:DJyY7O/RC65uoZldI/6/QmrdkCcM2GRh/Ot6UlYO+FA:DhQRT5uCa6tGQhQOO+F

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot family

    • Blocklisted process makes network request

MITRE ATT&CK Enterprise v15

Tasks