Overview

overview

10

Static

static

d91c10b601...f3.exe

windows7_x64

10

d91c10b601...f3.exe

windows10_x64

10

Analysis

  • max time kernel
    134s
  • max time network
    146s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-11-2020 20:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d91c10b6010d6e7593974ae3278cbbf3.exe

  • Size

    2.7MB

  • MD5

    d91c10b6010d6e7593974ae3278cbbf3

  • SHA1

    1fd45fdbde1168b3c085805df7399398fc85b2cb

  • SHA256

    cd38592468e54623dc5c89529203dbc21ede6cfe95523d2f146449019288038c

  • SHA512

    3a231c2e9e9ba05c07c5229ef53dcd009bb876c661ba9af6f06bb6d48b2d0ee4570f5bcb956d7d011df9c77995ed3e18d70c104b579522df60cc53dc54ff74eb

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

142.11.240.144

45.153.243.113

88.150.227.95
rsa_pubkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot x86 payload 3 IoCs

    Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    botnet
  • Blocklisted process makes network request 7 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d91c10b6010d6e7593974ae3278cbbf3.exe
    "C:\Users\Admin\AppData\Local\Temp\d91c10b6010d6e7593974ae3278cbbf3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1180
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\AppData\Local\Temp\D91C10~1.DLL f1 C:\Users\Admin\AppData\Local\Temp\D91C10~1.EXE@1180
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3632
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\D91C10~1.DLL,f0
        3⤵
        • Blocklisted process makes network request
        • Loads dropped DLL
        PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\D91C10~1.DLL
    MD5

    4b1759cc40e9d935ef47c57deb4608ab

    SHA1

    e1ffbef9c1f07394d03b8af8f666df9f980c0626

    SHA256

    91f107648a048f50e25c350d3e2c6c94e3f39775815179e011fed5548fde7917

    SHA512

    18829e61de42f0dfb01186abe334141bf0e3d649c015298727c857300ba3d95e9286b4edf59422292e39c39a956f0aced51a6596b7cf5979c023b82344adb082

    Download Submit

  • \Users\Admin\AppData\Local\Temp\D91C10~1.DLL
    MD5

    4b1759cc40e9d935ef47c57deb4608ab

    SHA1

    e1ffbef9c1f07394d03b8af8f666df9f980c0626

    SHA256

    91f107648a048f50e25c350d3e2c6c94e3f39775815179e011fed5548fde7917

    SHA512

    18829e61de42f0dfb01186abe334141bf0e3d649c015298727c857300ba3d95e9286b4edf59422292e39c39a956f0aced51a6596b7cf5979c023b82344adb082

    Download Submit

  • \Users\Admin\AppData\Local\Temp\D91C10~1.DLL
    MD5

    4b1759cc40e9d935ef47c57deb4608ab

    SHA1

    e1ffbef9c1f07394d03b8af8f666df9f980c0626

    SHA256

    91f107648a048f50e25c350d3e2c6c94e3f39775815179e011fed5548fde7917

    SHA512

    18829e61de42f0dfb01186abe334141bf0e3d649c015298727c857300ba3d95e9286b4edf59422292e39c39a956f0aced51a6596b7cf5979c023b82344adb082

    Download Submit

  • memory/1180-1-0x0000000002650000-0x0000000002651000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2668-5-0x0000000000000000-mapping.dmp

    Download

  • memory/3632-2-0x0000000000000000-mapping.dmp

    Download