Overview

overview

10

Static

static

3

JaffaCakes...bd.exe

windows7-x64

10

JaffaCakes...bd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_56f09bdae8a65d59183b4481bf870c4742f1e9b370e46ad3f725408c779dfbbd

  • Size

    1.2MB

  • Sample

    241225-rnmwzavmdx

  • MD5

    c320f3397530d436baf1236d456488ef

  • SHA1

    b0d7746d72b632d5c06c6c19d1f631570f42d238

  • SHA256

    56f09bdae8a65d59183b4481bf870c4742f1e9b370e46ad3f725408c779dfbbd

  • SHA512

    e61447e0eed7e065a3a311493e58b33e7af46aa50ec82e541e55c5633ed65e1bb72277fb1681af461c3238c34c8139d54d011449bb5145b655cba644cab8599a

  • SSDEEP

    24576:rm+5Dd+e8yOdIBL8imIlvjI2I0pch/ey2Ck2xhesajn0+acKiywzC6:rma+e8yOd8RRtTpcVb2exssG0+ahd

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443
Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      JaffaCakes118_56f09bdae8a65d59183b4481bf870c4742f1e9b370e46ad3f725408c779dfbbd

    • Size

      1.2MB

    • MD5

      c320f3397530d436baf1236d456488ef

    • SHA1

      b0d7746d72b632d5c06c6c19d1f631570f42d238

    • SHA256

      56f09bdae8a65d59183b4481bf870c4742f1e9b370e46ad3f725408c779dfbbd

    • SHA512

      e61447e0eed7e065a3a311493e58b33e7af46aa50ec82e541e55c5633ed65e1bb72277fb1681af461c3238c34c8139d54d011449bb5145b655cba644cab8599a

    • SSDEEP

      24576:rm+5Dd+e8yOdIBL8imIlvjI2I0pch/ey2Ck2xhesajn0+acKiywzC6:rma+e8yOd8RRtTpcVb2exssG0+ahd

    Score
    10/10
    danabotbankerdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot family

      danabot

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks