danabot | 2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd | Triage

Submit
Reports

Overview

overview

Static

static

3

JaffaCakes...9d.dll

windows7-x64

JaffaCakes...9d.dll

windows10-2004-x64

Sharing

General

Target

JaffaCakes118_de8b54a938ac18f15cad804d79a0e19d
Size

2.5MB
Sample

250110-jdmjfsxjgz
MD5

de8b54a938ac18f15cad804d79a0e19d
SHA1

b6004c62e2d9dbad9cfd5f7e18647ac983788766
SHA256

2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd
SHA512

7b64a99baafc8e692a47b9856f96b6bafa3cae22bd293c0e8faf148bdfe3f1401d5c316017b5c2f778d02ebc87edd2474e525b225ddc00685bb14da4c484e776
SSDEEP

49152:ZgZziYTt//YDt2Z/fZMdzUAOC5n+LlrxFTGWgKq:Z0ziYTKh2Z/f6AAOGarxFTG/v

Score

10^/10

danabot 40 banker discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

JaffaCakes118_de8b54a938ac18f15cad804d79a0e19d.dll

Resource

win7-20240708-en

danabot 40 banker discovery trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

JaffaCakes118_de8b54a938ac18f15cad804d79a0e19d.dll

Resource

win10v2004-20241007-en

danabot 40 banker discovery trojan

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.158.250.216:443

194.76.225.46:443

45.11.180.153:443

194.76.225.61:443

Attributes

embedded_hash
AD14EA44261341E3690FA8CC1E236523
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Targets

- Target
  
  JaffaCakes118_de8b54a938ac18f15cad804d79a0e19d
- Size
  
  2.5MB
- MD5
  
  de8b54a938ac18f15cad804d79a0e19d
- SHA1
  
  b6004c62e2d9dbad9cfd5f7e18647ac983788766
- SHA256
  
  2a3acdcd76575762b18c18c644a745125f55ce121f742d2aad962521bc7f25fd
- SHA512
  
  7b64a99baafc8e692a47b9856f96b6bafa3cae22bd293c0e8faf148bdfe3f1401d5c316017b5c2f778d02ebc87edd2474e525b225ddc00685bb14da4c484e776
- SSDEEP
  
  49152:ZgZziYTt//YDt2Z/fZMdzUAOC5n+LlrxFTGWgKq:Z0ziYTKh2Z/f6AAOGarxFTG/v
Score

10^/10

danabot 40 banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Danabot Loader Component
- Danabot family
  danabot
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabot40bankerdiscoverytrojan

behavioral2

danabot40bankerdiscoverytrojan

© 2018-2025

Terms | Privacy