Overview

overview

10

Static

static

b02c3131bf...ed.exe

windows7_x64

10

b02c3131bf...ed.exe

windows10_x64

10

Analysis

  • max time kernel
    132s
  • max time network
    141s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-11-2020 20:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b02c3131bf5fb12b3fae117632dc86ed.exe

  • Size

    2.6MB

  • MD5

    b02c3131bf5fb12b3fae117632dc86ed

  • SHA1

    4fcc44307fa4c5826a7d33109917b3cb436722fd

  • SHA256

    9309025b86610fc4dade312f3681fa0e9370dcecca1563393fe4866d4e718d19

  • SHA512

    00c388778f35becdcbf0460b57cc5bedad70cdbf7872e9a3d1ce55d17a5690a3c5374e9610ba1c729e6e1a1574c4cfa27908904c18e3bd77438c78d2371d76dd

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

45.147.231.202

23.83.133.10

137.74.66.92

185.227.138.52

192.236.146.249

149.255.35.125
rsa_pubkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot x86 payload 4 IoCs

    Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    botnet
  • Blocklisted process makes network request 8 IoCs
  • Loads dropped DLL 3 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b02c3131bf5fb12b3fae117632dc86ed.exe
    "C:\Users\Admin\AppData\Local\Temp\b02c3131bf5fb12b3fae117632dc86ed.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3980
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\AppData\Local\Temp\B02C31~1.DLL f1 C:\Users\Admin\AppData\Local\Temp\B02C31~1.EXE@3980
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:3184
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\B02C31~1.DLL,f0
        3⤵
        • Blocklisted process makes network request
        • Loads dropped DLL
        PID:3644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\B02C31~1.DLL
    MD5

    414bc892169d57d097d7fc1a04da3624

    SHA1

    fbf48c2ea902de9e216032ec867561023220d577

    SHA256

    a1fcf4274e1f86fd689efc29859b6d4aef772915a9d346bc29c9e514b3b51798

    SHA512

    225dc50a998ccd05b8dad6800aeccbc13b91060d49cb0d9c37049ead538b00912f22ffbca55f670db93582356bb4199d969ded1a053f86157e512f3cc3e7e7ae

    Download Submit
  • \Users\Admin\AppData\Local\Temp\B02C31~1.DLL
    MD5

    414bc892169d57d097d7fc1a04da3624

    SHA1

    fbf48c2ea902de9e216032ec867561023220d577

    SHA256

    a1fcf4274e1f86fd689efc29859b6d4aef772915a9d346bc29c9e514b3b51798

    SHA512

    225dc50a998ccd05b8dad6800aeccbc13b91060d49cb0d9c37049ead538b00912f22ffbca55f670db93582356bb4199d969ded1a053f86157e512f3cc3e7e7ae

    Download Submit
  • \Users\Admin\AppData\Local\Temp\B02C31~1.DLL
    MD5

    414bc892169d57d097d7fc1a04da3624

    SHA1

    fbf48c2ea902de9e216032ec867561023220d577

    SHA256

    a1fcf4274e1f86fd689efc29859b6d4aef772915a9d346bc29c9e514b3b51798

    SHA512

    225dc50a998ccd05b8dad6800aeccbc13b91060d49cb0d9c37049ead538b00912f22ffbca55f670db93582356bb4199d969ded1a053f86157e512f3cc3e7e7ae

    Download Submit
  • \Users\Admin\AppData\Local\Temp\B02C31~1.DLL
    MD5

    414bc892169d57d097d7fc1a04da3624

    SHA1

    fbf48c2ea902de9e216032ec867561023220d577

    SHA256

    a1fcf4274e1f86fd689efc29859b6d4aef772915a9d346bc29c9e514b3b51798

    SHA512

    225dc50a998ccd05b8dad6800aeccbc13b91060d49cb0d9c37049ead538b00912f22ffbca55f670db93582356bb4199d969ded1a053f86157e512f3cc3e7e7ae

    Download Submit
  • memory/3184-2-0x0000000000000000-mapping.dmp
    Download
  • memory/3644-5-0x0000000000000000-mapping.dmp
    Download
  • memory/3980-1-0x0000000002BA0000-0x0000000002BA1000-memory.dmp
    Filesize

    4KB

    Download