Analysis
-
max time kernel
120s -
max time network
123s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
25-11-2021 17:00
General
-
Target
a36184092b422b9cb180f6a4c4d6b9545c2f10b1d25aa611bf45f6fafbe90dc9.dll
-
Size
1.9MB
-
MD5
d5607b091fafd1ea27fbcb1ed95ef2c1
-
SHA1
2959f5f742b7469e05d8d62d405b4778cf07e998
-
SHA256
a36184092b422b9cb180f6a4c4d6b9545c2f10b1d25aa611bf45f6fafbe90dc9
-
SHA512
b8838b8b38a53610c7a00fb3d0f17a1586d34b666eb582fdf4767a6b734f1f8e74c5e04e02bfc501ba005954c34782ed84063ed162da888db22e7f30d38327c3
Score
10/10
Malware Config
Extracted
Family
danabot
C2
185.117.90.36:443
193.42.36.59:443
193.56.146.53:443
185.106.123.228:443
Attributes
-
embedded_hash
07284E2A3AB3C2E1FFFBD425849BE150
-
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Signatures
-
Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
-
Danabot Loader Component 3 IoCs
-
Blocklisted process makes network request 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a36184092b422b9cb180f6a4c4d6b9545c2f10b1d25aa611bf45f6fafbe90dc9.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a36184092b422b9cb180f6a4c4d6b9545c2f10b1d25aa611bf45f6fafbe90dc9.dll,#12⤵
- Blocklisted process makes network request
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/3404-115-0x0000000000000000-mapping.dmp
-
memory/3404-116-0x0000000004380000-0x0000000004574000-memory.dmpFilesize
2.0MB
-
memory/3404-118-0x0000000004380000-0x0000000004574000-memory.dmpFilesize
2.0MB
-
memory/3404-120-0x0000000004380000-0x0000000004574000-memory.dmpFilesize
2.0MB
-
memory/3404-121-0x0000000004381000-0x00000000044F8000-memory.dmpFilesize
1.5MB
-
memory/3404-119-0x0000000004380000-0x00000000044E0000-memory.dmpFilesize
1.4MB
-
memory/3404-126-0x00000000005F0000-0x00000000005F1000-memory.dmpFilesize
4KB