Overview

overview

10

Static

static

3

JaffaCakes...14.exe

windows7-x64

10

JaffaCakes...14.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_aa8589e6e7393fac20fdd0def2f8487b0f6811060eaeb083afd3d64ee45f9514

  • Size

    1.4MB

  • Sample

    241225-t6kknsypgp

  • MD5

    e3e2f1d5a8d7fb9fe7ec80f98452f793

  • SHA1

    0c911928e67665324a2a75bd0827f6c1865df85c

  • SHA256

    aa8589e6e7393fac20fdd0def2f8487b0f6811060eaeb083afd3d64ee45f9514

  • SHA512

    605a6f7a1b7f06380024325fecdeee6914814d1b836fec7980236879d6704fe7eb21ea5f51da7a76194e88029949e464bc78ac4e57706ae45b2ddb79fc979c07

  • SSDEEP

    24576:7JS6yX9ZHwfFpgDlhA4BeSazc6c9HTfekczRIJKtEaCzOOF/fyD/Ds70eN3kUnm+:7JFQ9ZHwNpgDlS4BeSqcplfe5RI6m/Fx

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443
Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      JaffaCakes118_aa8589e6e7393fac20fdd0def2f8487b0f6811060eaeb083afd3d64ee45f9514

    • Size

      1.4MB

    • MD5

      e3e2f1d5a8d7fb9fe7ec80f98452f793

    • SHA1

      0c911928e67665324a2a75bd0827f6c1865df85c

    • SHA256

      aa8589e6e7393fac20fdd0def2f8487b0f6811060eaeb083afd3d64ee45f9514

    • SHA512

      605a6f7a1b7f06380024325fecdeee6914814d1b836fec7980236879d6704fe7eb21ea5f51da7a76194e88029949e464bc78ac4e57706ae45b2ddb79fc979c07

    • SSDEEP

      24576:7JS6yX9ZHwfFpgDlhA4BeSazc6c9HTfekczRIJKtEaCzOOF/fyD/Ds70eN3kUnm+:7JFQ9ZHwNpgDlS4BeSqcplfe5RI6m/Fx

    Score
    10/10
    danabotbankerdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot family

      danabot

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks