Overview

overview

10

Static

static

3

JaffaCakes...30.exe

windows7-x64

10

JaffaCakes...30.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    140s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    29-12-2024 11:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_615f140062ec218ca505d58cd3b89320a90061b8db2bfae7b0c6be6c5c99bc30.exe

  • Size

    1.4MB

  • MD5

    13f8f3ba5cf9327119409776c39dd4c8

  • SHA1

    b3a210b68d69a09ea8eacd5e76466bf98ef7e12a

  • SHA256

    615f140062ec218ca505d58cd3b89320a90061b8db2bfae7b0c6be6c5c99bc30

  • SHA512

    21e91ccbcc9c6ac5d19ff5d5c0061057c3305a3f8225e372bb17a27b12ae2331857933ca401f30408b515b3682b8f2aebbd5f20de9e54e68b4c201721217b206

  • SSDEEP

    24576:SBeqeL/EdcCHRZOjUShrDplKoPI/uNw815dxqogk+gr:SB1BOCHklK4+I/dxqoz+

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot family
    danabot
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_615f140062ec218ca505d58cd3b89320a90061b8db2bfae7b0c6be6c5c99bc30.exe
    "C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_615f140062ec218ca505d58cd3b89320a90061b8db2bfae7b0c6be6c5c99bc30.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:432
    • C:\Windows\SysWOW64\AdapterTroubleshooter.exe
      C:\Windows\system32\AdapterTroubleshooter.exe
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2524

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/432-0-0x0000000000870000-0x0000000000996000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/432-1-0x0000000000870000-0x0000000000996000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/432-2-0x0000000002100000-0x00000000023DB000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/432-3-0x0000000000400000-0x00000000006E8000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/432-4-0x0000000000400000-0x00000000006E8000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/432-5-0x0000000000870000-0x0000000000996000-memory.dmp

    Filesize

    1.1MB

    Download

  • memory/432-6-0x0000000002100000-0x00000000023DB000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/432-13-0x0000000000400000-0x00000000006E8000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/432-14-0x0000000000400000-0x00000000006E8000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/432-15-0x0000000000400000-0x00000000006E8000-memory.dmp

    Filesize

    2.9MB

    Download