Overview

overview

10

Static

static

3

JaffaCakes...16.exe

windows7-x64

10

JaffaCakes...16.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_63149e00a309121e678f5aef568fbb12203592e7ce5486b666a8226351824716

  • Size

    1.4MB

  • Sample

    241226-ys6m7sxqdj

  • MD5

    08d37be3ed03fcf070c48a7ebe405eb7

  • SHA1

    f3ea40bc3022c63b9cb7dc799c5547cdb3eb473f

  • SHA256

    63149e00a309121e678f5aef568fbb12203592e7ce5486b666a8226351824716

  • SHA512

    138d85c12575dac407056a84dadb37ac76c80034e64cafe6186e858a92c45f51d4cfc046d5e505d5e1d69cfe8f7a957883aa70c38c52c9d708073896b4cd4068

  • SSDEEP

    24576:EAm0BsOOY8cMVehauGpLCVXn+CIAAKY3IVqTQ1BGcqN+Y1riqwXT:EAZsO38cbopGVXnAZKcIVqU1BZY1r

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443
Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Targets

    • Target

      JaffaCakes118_63149e00a309121e678f5aef568fbb12203592e7ce5486b666a8226351824716

    • Size

      1.4MB

    • MD5

      08d37be3ed03fcf070c48a7ebe405eb7

    • SHA1

      f3ea40bc3022c63b9cb7dc799c5547cdb3eb473f

    • SHA256

      63149e00a309121e678f5aef568fbb12203592e7ce5486b666a8226351824716

    • SHA512

      138d85c12575dac407056a84dadb37ac76c80034e64cafe6186e858a92c45f51d4cfc046d5e505d5e1d69cfe8f7a957883aa70c38c52c9d708073896b4cd4068

    • SSDEEP

      24576:EAm0BsOOY8cMVehauGpLCVXn+CIAAKY3IVqTQ1BGcqN+Y1riqwXT:EAZsO38cbopGVXnAZKcIVqU1BZY1r

    Score
    10/10
    danabotbankerdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot family

      danabot

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks