Overview

overview

10

Static

static

3b2e2b3698...c5.exe

windows7_x64

10

3b2e2b3698...c5.exe

windows10_x64

10

Analysis

  • max time kernel
    135s
  • max time network
    149s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    10-01-2022 07:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3b2e2b369895d2fd94a07ef3c66978c5.exe

  • Size

    1.1MB

  • MD5

    3b2e2b369895d2fd94a07ef3c66978c5

  • SHA1

    91a09480fad625eae27f4df3e6de3e7e2cfec949

  • SHA256

    220952caf42db06de1b1b80c1f95884419ebd90a667a07fa8da6792db1404316

  • SHA512

    1be44c64c59b7c7c1236e30aa88c989263f763511615022c0f4e5ff8e898a8e6a9a19dcd5ac5311af3b9438983b09ee301496ba78df774de154b410209104734

Score
10/10
danabot4bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

192.119.110.4:443

103.175.16.113:443
Attributes
  • embedded_hash

    422236FD601D11EE82825A484D26DD6F

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b2e2b369895d2fd94a07ef3c66978c5.exe
    "C:\Users\Admin\AppData\Local\Temp\3b2e2b369895d2fd94a07ef3c66978c5.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2704
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b2e2b369895d2fd94a07ef3c66978c5.exe.dll,z C:\Users\Admin\AppData\Local\Temp\3b2e2b369895d2fd94a07ef3c66978c5.exe
      2⤵
      • Loads dropped DLL
      PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3b2e2b369895d2fd94a07ef3c66978c5.exe.dll
    MD5

    67be156a9e8aa3b3f85e8fcf3e5d610c

    SHA1

    9f1a6d241566e8023d52013f93a56928bd57658e

    SHA256

    64afd7ccbe2db294e4ea84e915ec2b9f1774b4034bfa541253f689588b328180

    SHA512

    0774f9cc7dbc72483a1e5ebc4fb90fd6b819cf4d633fe35fa07c95867a381a26b7dc3dcf493552e0d53aea7d2eeb7e059b98699ac96f62cc28b2b618fbd4bee3

    Download Submit
  • \Users\Admin\AppData\Local\Temp\3b2e2b369895d2fd94a07ef3c66978c5.exe.dll
    MD5

    67be156a9e8aa3b3f85e8fcf3e5d610c

    SHA1

    9f1a6d241566e8023d52013f93a56928bd57658e

    SHA256

    64afd7ccbe2db294e4ea84e915ec2b9f1774b4034bfa541253f689588b328180

    SHA512

    0774f9cc7dbc72483a1e5ebc4fb90fd6b819cf4d633fe35fa07c95867a381a26b7dc3dcf493552e0d53aea7d2eeb7e059b98699ac96f62cc28b2b618fbd4bee3

    Download Submit
  • memory/2704-115-0x0000000004AE0000-0x0000000004BC3000-memory.dmp
    Filesize

    908KB

    Download
  • memory/2704-116-0x0000000004BF0000-0x0000000004CEA000-memory.dmp
    Filesize

    1000KB

    Download
  • memory/2704-117-0x0000000000400000-0x0000000002C59000-memory.dmp
    Filesize

    40.3MB

    Download
  • memory/2864-118-0x0000000000000000-mapping.dmp
    Download