Overview

overview

10

Static

static

3

JaffaCakes...6f.exe

windows7-x64

10

JaffaCakes...6f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_a843b2ee93fc1007fd09df11848e98f4d39057d73a91bcbb99889fb95e3bb86f

  • Size

    1.8MB

  • Sample

    241229-ac2gjswnaq

  • MD5

    8436817e6778e3eb5a74ba02b687ca7d

  • SHA1

    95058ad5387ec6fbde515d9eccc4c1c2ef805d2e

  • SHA256

    a843b2ee93fc1007fd09df11848e98f4d39057d73a91bcbb99889fb95e3bb86f

  • SHA512

    e8564dea965998baa44fdbe0e02e6c6f0536e0734039b6b502937774dd0f2a7740e80177339d68add732ce6e34b63583f90e8988c29366c742a75b8a9263ca06

  • SSDEEP

    24576:oJlo/1X4Amh32BP2OBLvWdi3WTyjxLvMG8kcepka/HnvIlOfiOJn4OvB7Yedxvii:o+Xo2R2BAWgZMo/nP6OJnPvndrj3Se0

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

C2

103.144.139.228:443

213.227.154.98:443

66.85.147.23:443

153.92.223.225:443
Attributes
  • embedded_hash

    A64A3A6ED13022027B84C77D31BE0C74

  • type

    loader

Targets

    • Target

      JaffaCakes118_a843b2ee93fc1007fd09df11848e98f4d39057d73a91bcbb99889fb95e3bb86f

    • Size

      1.8MB

    • MD5

      8436817e6778e3eb5a74ba02b687ca7d

    • SHA1

      95058ad5387ec6fbde515d9eccc4c1c2ef805d2e

    • SHA256

      a843b2ee93fc1007fd09df11848e98f4d39057d73a91bcbb99889fb95e3bb86f

    • SHA512

      e8564dea965998baa44fdbe0e02e6c6f0536e0734039b6b502937774dd0f2a7740e80177339d68add732ce6e34b63583f90e8988c29366c742a75b8a9263ca06

    • SSDEEP

      24576:oJlo/1X4Amh32BP2OBLvWdi3WTyjxLvMG8kcepka/HnvIlOfiOJn4OvB7Yedxvii:o+Xo2R2BAWgZMo/nP6OJnPvndrj3Se0

    Score
    10/10
    danabotbankerdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot family

      danabot

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks