Overview

overview

10

Static

static

3

JaffaCakes...03.exe

windows7-x64

10

JaffaCakes...03.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5ec235356c8d054bb7dbd4b3ee7e2ca08c38de28c2186eb5b4bb185b6f521903

  • Size

    1.4MB

  • Sample

    241229-nhq5nazqgy

  • MD5

    609031ccd0edc0fb9092ae4619ae6c5f

  • SHA1

    3418abe4c23482fb0aa5bf40f07330928515c3b5

  • SHA256

    5ec235356c8d054bb7dbd4b3ee7e2ca08c38de28c2186eb5b4bb185b6f521903

  • SHA512

    e31e6523d06d4e8204870f4bb3f9e8d215ef73056eaf690ccd40f43a704f597e2d904fb3f98f2b6e643da5b4adbff55112915ea0a67009cce8f76029460a3027

  • SSDEEP

    24576:vVxTezhziCPqdpYPoDTN2IYXDZaHkfFQ2bIFMPB//mDRBB3DfHn5SQFj:vV8s+qdOiWXD71iMPB//exD/n3F

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443
Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      JaffaCakes118_5ec235356c8d054bb7dbd4b3ee7e2ca08c38de28c2186eb5b4bb185b6f521903

    • Size

      1.4MB

    • MD5

      609031ccd0edc0fb9092ae4619ae6c5f

    • SHA1

      3418abe4c23482fb0aa5bf40f07330928515c3b5

    • SHA256

      5ec235356c8d054bb7dbd4b3ee7e2ca08c38de28c2186eb5b4bb185b6f521903

    • SHA512

      e31e6523d06d4e8204870f4bb3f9e8d215ef73056eaf690ccd40f43a704f597e2d904fb3f98f2b6e643da5b4adbff55112915ea0a67009cce8f76029460a3027

    • SSDEEP

      24576:vVxTezhziCPqdpYPoDTN2IYXDZaHkfFQ2bIFMPB//mDRBB3DfHn5SQFj:vV8s+qdOiWXD71iMPB//exD/n3F

    Score
    10/10
    danabotbankerdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot family

      danabot

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks