danabot | 1e0e448f97ce5a43facdae2ffec3d6a47fccea0810813045dfe633b0f88a8adb

Analysis

Target

1e0e448f97ce5a43facdae2ffec3d6a47fccea0810813045dfe633b0f88a8adb.exe
Size

1.7MB
MD5

20452164317009d2812bd3c2b6dd3792
SHA1

228ca1c489d432b875d4a1a19f0aaed26c249ba0
SHA256

1e0e448f97ce5a43facdae2ffec3d6a47fccea0810813045dfe633b0f88a8adb
SHA512

c8c2340735a3a49d48090bcac43682b82cd67fc24b4d5f4615a9e40d33cbe9d46f43c28102a8abbaf2270e7f238f31b8cdd637c69cd0ebe318fe001302042676

Score

10^/10

Family

danabot

192.119.110.73:443

192.236.192.201:443

Attributes

rsa_pubkey.plain

rsa_privkey.plain

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot Loader Component 4 IoCs

resource	yara_rule
behavioral1/files/0x0007000000000689-122.dat	DanabotLoader2021
behavioral1/files/0x0007000000000689-124.dat	DanabotLoader2021
behavioral1/files/0x0007000000000689-123.dat	DanabotLoader2021
behavioral1/memory/916-125-0x0000000003F30000-0x00000000041AD000-memory.dmp	DanabotLoader2021

Loads dropped DLL 2 IoCs

pid	Process
916	rundll32.exe
916	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 916	4484	1e0e448f97ce5a43facdae2ffec3d6a47fccea0810813045dfe633b0f88a8adb.exe	71
PID 4484 wrote to memory of 916	4484	1e0e448f97ce5a43facdae2ffec3d6a47fccea0810813045dfe633b0f88a8adb.exe	71
PID 4484 wrote to memory of 916	4484	1e0e448f97ce5a43facdae2ffec3d6a47fccea0810813045dfe633b0f88a8adb.exe	71

C:\Users\Admin\AppData\Local\Temp\1e0e448f97ce5a43facdae2ffec3d6a47fccea0810813045dfe633b0f88a8adb.exe
"C:\Users\Admin\AppData\Local\Temp\1e0e448f97ce5a43facdae2ffec3d6a47fccea0810813045dfe633b0f88a8adb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\1E0E44~1.DLL,s C:\Users\Admin\AppData\Local\Temp\1E0E44~1.EXE
  2⤵
  - Loads dropped DLL
  PID:916

memory/916-125-0x0000000003F30000-0x00000000041AD000-memory.dmp

Filesize
2.5MB

Download
memory/4484-119-0x0000000002810000-0x00000000029B7000-memory.dmp

Filesize
1.7MB

Download
memory/4484-118-0x0000000002680000-0x0000000002810000-memory.dmp

Filesize
1.6MB

Download
memory/4484-120-0x0000000000400000-0x00000000005B3000-memory.dmp

Filesize
1.7MB

Download