Overview

overview

10

Static

static

341d69cf4f...cf.exe

windows7_x64

10

341d69cf4f...cf.exe

windows10-2004_x64

10

Resubmissions

03/05/2022, 13:27 UTC

220503-qp34xaabfj 8

26/04/2022, 04:40 UTC

220426-fajfvabab3 8

Analysis

  • max time kernel
    294s
  • max time network
    97s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    03/05/2022, 13:27 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    341d69cf4f5d9be493ebe9913f4150cf.exe

  • Size

    1.1MB

  • MD5

    341d69cf4f5d9be493ebe9913f4150cf

  • SHA1

    b043c610bf6b1fea68701910870d439501d8f832

  • SHA256

    ea315e9e65af9d1d95ac0636abde389107bb131f99e9eeac2dd16821be1ba888

  • SHA512

    50534e155760d2dde64e0737f90b63d35c1b0e3136007476d9e62b8eaf0bfb42225a57dc340c12e45a7346cdf56a857e403b4230d561b32991f1155f4d8294ab

Score
10/10
danabot7bankertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • type

    loader

Extracted

Family

danabot

Botnet

7

C2

192.236.176.108:443

23.254.209.218:443
Attributes
  • embedded_hash

    F05AD7842A54466C7E7FBCE36DCCAB8C

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Blocklisted process makes network request 5 IoCs
  • Suspicious use of WriteProcessMemory 34 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\341d69cf4f5d9be493ebe9913f4150cf.exe
    "C:\Users\Admin\AppData\Local\Temp\341d69cf4f5d9be493ebe9913f4150cf.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Windows\syswow64\rundll32.exe
      "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
      2⤵
      • Blocklisted process makes network request
      PID:1688

Network

    No results found
  • 192.236.176.108:443
    rundll32.exe
    152 B
     3
  • 192.236.176.108:443
    rundll32.exe
    152 B
     3
  • 192.236.176.108:443
    rundll32.exe
    152 B
     3
  • 192.236.176.108:443
    rundll32.exe
    152 B
     3
  • 192.236.176.108:443
    rundll32.exe
    152 B
     3
No results found

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-123-0x00000000001C0000-0x00000000001C3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-120-0x0000000000150000-0x0000000000153000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-133-0x0000000000270000-0x0000000000273000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-131-0x0000000000250000-0x0000000000253000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-58-0x0000000000280000-0x0000000000283000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-60-0x0000000000280000-0x0000000000283000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-132-0x0000000000260000-0x0000000000263000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-112-0x0000000000090000-0x0000000000093000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-111-0x0000000000080000-0x0000000000083000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-114-0x00000000000B0000-0x00000000000B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-113-0x00000000000A0000-0x00000000000A3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-116-0x00000000000D0000-0x00000000000D3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-115-0x00000000000C0000-0x00000000000C3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-129-0x0000000000230000-0x0000000000233000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-117-0x00000000000E0000-0x00000000000E3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-122-0x00000000001B0000-0x00000000001B3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-119-0x0000000000140000-0x0000000000143000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-118-0x0000000000130000-0x0000000000133000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-121-0x00000000001A0000-0x00000000001A3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-124-0x00000000001E0000-0x00000000001E3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-130-0x0000000000240000-0x0000000000243000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-125-0x00000000001F0000-0x00000000001F3000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-126-0x0000000000200000-0x0000000000203000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-127-0x0000000000210000-0x0000000000213000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1688-128-0x0000000000220000-0x0000000000223000-memory.dmp

    Filesize

    12KB

    Download

  • memory/1884-54-0x0000000000220000-0x00000000002FD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1884-55-0x0000000000220000-0x00000000002FD000-memory.dmp

    Filesize

    884KB

    Download

  • memory/1884-110-0x0000000000400000-0x0000000000630000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/1884-57-0x0000000075191000-0x0000000075193000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1884-56-0x0000000002040000-0x0000000002265000-memory.dmp

    Filesize

    2.1MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.