Overview

overview

10

Static

static

3

JaffaCakes...30.exe

windows7-x64

10

JaffaCakes...30.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_615f140062ec218ca505d58cd3b89320a90061b8db2bfae7b0c6be6c5c99bc30

  • Size

    1.4MB

  • Sample

    241229-nm3n9azrbl

  • MD5

    13f8f3ba5cf9327119409776c39dd4c8

  • SHA1

    b3a210b68d69a09ea8eacd5e76466bf98ef7e12a

  • SHA256

    615f140062ec218ca505d58cd3b89320a90061b8db2bfae7b0c6be6c5c99bc30

  • SHA512

    21e91ccbcc9c6ac5d19ff5d5c0061057c3305a3f8225e372bb17a27b12ae2331857933ca401f30408b515b3682b8f2aebbd5f20de9e54e68b4c201721217b206

  • SSDEEP

    24576:SBeqeL/EdcCHRZOjUShrDplKoPI/uNw815dxqogk+gr:SB1BOCHklK4+I/dxqoz+

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443
Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      JaffaCakes118_615f140062ec218ca505d58cd3b89320a90061b8db2bfae7b0c6be6c5c99bc30

    • Size

      1.4MB

    • MD5

      13f8f3ba5cf9327119409776c39dd4c8

    • SHA1

      b3a210b68d69a09ea8eacd5e76466bf98ef7e12a

    • SHA256

      615f140062ec218ca505d58cd3b89320a90061b8db2bfae7b0c6be6c5c99bc30

    • SHA512

      21e91ccbcc9c6ac5d19ff5d5c0061057c3305a3f8225e372bb17a27b12ae2331857933ca401f30408b515b3682b8f2aebbd5f20de9e54e68b4c201721217b206

    • SSDEEP

      24576:SBeqeL/EdcCHRZOjUShrDplKoPI/uNw815dxqogk+gr:SB1BOCHklK4+I/dxqoz+

    Score
    10/10
    danabotbankerdiscoverytrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Danabot family

      danabot

    • Blocklisted process makes network request

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks