Overview

overview

10

Static

static

3

JaffaCakes...ae.exe

windows7-x64

10

JaffaCakes...ae.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_a6527756cd277ec13dbb48b54dc3484c18b1696acfe490356917a0cade592bae

  • Size

    1.3MB

  • Sample

    241225-zjhepaxjav

  • MD5

    1e9ae2e8600732ba00db5d88026a2808

  • SHA1

    9ec81f7757e3109a3b674b379cb9e5e5ce965e78

  • SHA256

    a6527756cd277ec13dbb48b54dc3484c18b1696acfe490356917a0cade592bae

  • SHA512

    a1e6a52a80212eadb1e1d4b2312e4b47ef9b2c6676bb5985af665f75c4d00c00c8e6f15bb9bd222dfb52ddff995884dc6239aaaf53bf07dd6b25d577a9b9ce96

  • SSDEEP

    24576:wN0Ph1w5piac9DvFRpuk1VmqmvtctBmHk2zY5c6ChQeuOrduC7iM:w+p1oiaiDLpdmxVctkzYO6CS8uC

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443
Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      JaffaCakes118_a6527756cd277ec13dbb48b54dc3484c18b1696acfe490356917a0cade592bae

    • Size

      1.3MB

    • MD5

      1e9ae2e8600732ba00db5d88026a2808

    • SHA1

      9ec81f7757e3109a3b674b379cb9e5e5ce965e78

    • SHA256

      a6527756cd277ec13dbb48b54dc3484c18b1696acfe490356917a0cade592bae

    • SHA512

      a1e6a52a80212eadb1e1d4b2312e4b47ef9b2c6676bb5985af665f75c4d00c00c8e6f15bb9bd222dfb52ddff995884dc6239aaaf53bf07dd6b25d577a9b9ce96

    • SSDEEP

      24576:wN0Ph1w5piac9DvFRpuk1VmqmvtctBmHk2zY5c6ChQeuOrduC7iM:w+p1oiaiDLpdmxVctkzYO6CS8uC

    Score
    10/10
    danabotbankerdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot family

      danabot

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks