Overview

overview

10

Static

static

8fba92e773...77.exe

windows7_x64

10

8fba92e773...77.exe

windows10-2004_x64

10

Resubmissions

03-05-2022 13:05

220503-qbj4wafba7 8

20-04-2022 06:43

220420-hgxcdshgam 8

Analysis

  • max time kernel
    146s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    03-05-2022 13:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8fba92e7730c734197c8e5977533df77.exe

  • Size

    975KB

  • MD5

    8fba92e7730c734197c8e5977533df77

  • SHA1

    8106d808d0199d230b5943f15b1d85d05334d3ea

  • SHA256

    72cb26ac08fa4ba35112a093b506eb97f730537f9a011a20ad8049d4da6fcb77

  • SHA512

    ab1e7246e219b63b65082de10be4f6880bee0e1b04a50722bb7a1b8cfa81853a5793f581decfc43b5f1cf02d01fdd4fa3bc047cbc28afc0f37f6f87b75b397bb

Score
10/10
danabot7bankertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • type

    loader

Extracted

Family

danabot

Botnet

7

Attributes
  • embedded_hash

    7E121872EDA1FC9ABB4099F6D6AE1D49

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Blocklisted process makes network request 6 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fba92e7730c734197c8e5977533df77.exe
    "C:\Users\Admin\AppData\Local\Temp\8fba92e7730c734197c8e5977533df77.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2500
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
      2⤵
      • Blocklisted process makes network request
      PID:4324
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 624
      2⤵
      • Program crash
      PID:4068
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2500 -ip 2500
    1⤵
      PID:4672

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2500-130-0x0000000002305000-0x00000000023CC000-memory.dmp

      Filesize

      796KB

      Download

    • memory/2500-131-0x00000000023D0000-0x00000000025BA000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/2500-132-0x0000000000400000-0x00000000005F6000-memory.dmp

      Filesize

      2.0MB

      Download