Overview

overview

10

Static

static

warrant.exe

windows7_x64

10

warrant.exe

windows10_x64

10

Resubmissions

09-01-2022 20:57

220109-zryfwadfg8 10

09-01-2022 15:48

220109-s8xgksdhfn 10

Analysis

  • max time kernel
    135s
  • max time network
    124s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    09-01-2022 15:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    warrant.exe

  • Size

    1.1MB

  • MD5

    63d9b309582fbf651840182519c04f18

  • SHA1

    742539d685093f276242b1ca3fae82c0d20cad6a

  • SHA256

    8409da61f57fbdf4ad602f4065afaca1f98fce73277cd54163f8b3e39c03c8e3

  • SHA512

    c057b485f700071434df12cc27054936ecd904b4c302130c04f8317a0145f6e3c93ae556275b6d97bcddcbd7a26a1c22a112f9eb177c75fcc50cfb9cf1639385

Score
10/10
danabot4bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.4:443

103.175.16.113:443
Attributes
  • embedded_hash

    422236FD601D11EE82825A484D26DD6F

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\warrant.exe
    "C:\Users\Admin\AppData\Local\Temp\warrant.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3160
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\warrant.exe.dll,z C:\Users\Admin\AppData\Local\Temp\warrant.exe
      2⤵
      • Loads dropped DLL
      PID:3416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\warrant.exe.dll
    MD5

    15023780c189185181500bb6a8129036

    SHA1

    4e6affdc79faf7f5e3af7a16bbd713be7c67e905

    SHA256

    73f6c7930ace82734a5d8c562a59fec91d7acbfbbe92c32e9661253bf8998be6

    SHA512

    51e0d052f212404073a94d9a966ecbd937cd855e7ef6f647f7fc56eca6392128524e501100e5730e004f852e3715a29a48e6f6f2b0b2593d95952eb0b8d87eb3

    Download Submit
  • \Users\Admin\AppData\Local\Temp\warrant.exe.dll
    MD5

    15023780c189185181500bb6a8129036

    SHA1

    4e6affdc79faf7f5e3af7a16bbd713be7c67e905

    SHA256

    73f6c7930ace82734a5d8c562a59fec91d7acbfbbe92c32e9661253bf8998be6

    SHA512

    51e0d052f212404073a94d9a966ecbd937cd855e7ef6f647f7fc56eca6392128524e501100e5730e004f852e3715a29a48e6f6f2b0b2593d95952eb0b8d87eb3

    Download Submit
  • memory/3160-116-0x0000000004BA0000-0x0000000004C9A000-memory.dmp
    Filesize

    1000KB

    Download
  • memory/3160-115-0x0000000004AB0000-0x0000000004B93000-memory.dmp
    Filesize

    908KB

    Download
  • memory/3160-117-0x0000000000400000-0x0000000002C59000-memory.dmp
    Filesize

    40.3MB

    Download
  • memory/3416-118-0x0000000000000000-mapping.dmp
    Download