Overview

overview

10

Static

static

3

JaffaCakes...d0.exe

windows7-x64

10

JaffaCakes...d0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_62727e3c7568b4cc97feda013a1bc851fe2682f5bca8a98ee4db0fd025fb76d0

  • Size

    2.4MB

  • Sample

    241229-lt7wfaymht

  • MD5

    9eeb9cb8686a5c889b129f1b0102d8f3

  • SHA1

    0dafd3c3221b52a501c128db6a6b1caa38cb40d6

  • SHA256

    62727e3c7568b4cc97feda013a1bc851fe2682f5bca8a98ee4db0fd025fb76d0

  • SHA512

    283056675c91a7aeaf31f06a42cb8e4eb15af641015de38e250b13ec2f44ccb0ac5039c71301eaee15fdd0327eeddc48975c9b3fe0c03f5101ef28dc08143b01

  • SSDEEP

    49152:+APZpKQMr3TZdWScpyS8w1F3RIh3xUuf3Qyx8Ya6NGAhyG0qoZn6i:+A4RdWLyJw7Off3Qyx8j6NGhGyZn6

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

C2

153.92.223.225:443

198.15.112.179:443

185.62.56.245:443

66.85.147.23:443
Attributes
  • embedded_hash

    61A1CB063216C13FFD2E15D7F3F515E2

  • type

    loader

Targets

    • Target

      JaffaCakes118_62727e3c7568b4cc97feda013a1bc851fe2682f5bca8a98ee4db0fd025fb76d0

    • Size

      2.4MB

    • MD5

      9eeb9cb8686a5c889b129f1b0102d8f3

    • SHA1

      0dafd3c3221b52a501c128db6a6b1caa38cb40d6

    • SHA256

      62727e3c7568b4cc97feda013a1bc851fe2682f5bca8a98ee4db0fd025fb76d0

    • SHA512

      283056675c91a7aeaf31f06a42cb8e4eb15af641015de38e250b13ec2f44ccb0ac5039c71301eaee15fdd0327eeddc48975c9b3fe0c03f5101ef28dc08143b01

    • SSDEEP

      49152:+APZpKQMr3TZdWScpyS8w1F3RIh3xUuf3Qyx8Ya6NGAhyG0qoZn6i:+A4RdWLyJw7Off3Qyx8j6NGhGyZn6

    Score
    10/10
    danabotbankerdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot family

      danabot

    • Blocklisted process makes network request

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks