Overview

overview

10

Static

static

34e619de04...27.exe

windows7_x64

10

34e619de04...27.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    138s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    24-05-2022 15:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34e619de046404d3aeb191bee99a5bc97ca4808e2afa1f3a8a3c3e028389bf27.exe

  • Size

    2.6MB

  • MD5

    a329c16a70ac8358873a86b686537e6f

  • SHA1

    586b589ce774d8778f303d2a2a0f0a3edcc020b2

  • SHA256

    34e619de046404d3aeb191bee99a5bc97ca4808e2afa1f3a8a3c3e028389bf27

  • SHA512

    faa867337e45caec169af27369b519e217601baa9fa251f3cf49818dc284d7f2c0c03b98689f78003273f7c0546a1c1c5e570ab1b435d4480166f41d5a295bc9

Score
10/10
danabotbankerbotnettrojan

Malware Config

Extracted

Family

danabot

C2

45.147.231.202

23.83.133.10

137.74.66.92

185.227.138.52

192.236.146.249

149.255.35.125
rsa_pubkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot x86 payload 5 IoCs

    Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

    botnet
  • Blocklisted process makes network request 8 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\34e619de046404d3aeb191bee99a5bc97ca4808e2afa1f3a8a3c3e028389bf27.exe
    "C:\Users\Admin\AppData\Local\Temp\34e619de046404d3aeb191bee99a5bc97ca4808e2afa1f3a8a3c3e028389bf27.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4072
    • C:\Windows\SysWOW64\regsvr32.exe
      C:\Windows\system32\regsvr32.exe -s C:\Users\Admin\AppData\Local\Temp\34E619~1.DLL f1 C:\Users\Admin\AppData\Local\Temp\34E619~1.EXE@4072
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:4652
      • C:\Windows\SysWOW64\rundll32.exe
        C:\Windows\SysWOW64\rundll32.exe C:\Users\Admin\AppData\Local\Temp\34E619~1.DLL,f0
        3⤵
        • Blocklisted process makes network request
        • Loads dropped DLL
        PID:4536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\34E619~1.DLL
    Filesize

    2.4MB

    MD5

    414bc892169d57d097d7fc1a04da3624

    SHA1

    fbf48c2ea902de9e216032ec867561023220d577

    SHA256

    a1fcf4274e1f86fd689efc29859b6d4aef772915a9d346bc29c9e514b3b51798

    SHA512

    225dc50a998ccd05b8dad6800aeccbc13b91060d49cb0d9c37049ead538b00912f22ffbca55f670db93582356bb4199d969ded1a053f86157e512f3cc3e7e7ae

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\34e619de046404d3aeb191bee99a5bc97ca4808e2afa1f3a8a3c3e028389bf27.dll
    Filesize

    2.4MB

    MD5

    414bc892169d57d097d7fc1a04da3624

    SHA1

    fbf48c2ea902de9e216032ec867561023220d577

    SHA256

    a1fcf4274e1f86fd689efc29859b6d4aef772915a9d346bc29c9e514b3b51798

    SHA512

    225dc50a998ccd05b8dad6800aeccbc13b91060d49cb0d9c37049ead538b00912f22ffbca55f670db93582356bb4199d969ded1a053f86157e512f3cc3e7e7ae

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\34e619de046404d3aeb191bee99a5bc97ca4808e2afa1f3a8a3c3e028389bf27.dll
    Filesize

    2.4MB

    MD5

    414bc892169d57d097d7fc1a04da3624

    SHA1

    fbf48c2ea902de9e216032ec867561023220d577

    SHA256

    a1fcf4274e1f86fd689efc29859b6d4aef772915a9d346bc29c9e514b3b51798

    SHA512

    225dc50a998ccd05b8dad6800aeccbc13b91060d49cb0d9c37049ead538b00912f22ffbca55f670db93582356bb4199d969ded1a053f86157e512f3cc3e7e7ae

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\34e619de046404d3aeb191bee99a5bc97ca4808e2afa1f3a8a3c3e028389bf27.dll
    Filesize

    2.4MB

    MD5

    414bc892169d57d097d7fc1a04da3624

    SHA1

    fbf48c2ea902de9e216032ec867561023220d577

    SHA256

    a1fcf4274e1f86fd689efc29859b6d4aef772915a9d346bc29c9e514b3b51798

    SHA512

    225dc50a998ccd05b8dad6800aeccbc13b91060d49cb0d9c37049ead538b00912f22ffbca55f670db93582356bb4199d969ded1a053f86157e512f3cc3e7e7ae

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\34e619de046404d3aeb191bee99a5bc97ca4808e2afa1f3a8a3c3e028389bf27.dll
    Filesize

    2.4MB

    MD5

    414bc892169d57d097d7fc1a04da3624

    SHA1

    fbf48c2ea902de9e216032ec867561023220d577

    SHA256

    a1fcf4274e1f86fd689efc29859b6d4aef772915a9d346bc29c9e514b3b51798

    SHA512

    225dc50a998ccd05b8dad6800aeccbc13b91060d49cb0d9c37049ead538b00912f22ffbca55f670db93582356bb4199d969ded1a053f86157e512f3cc3e7e7ae

    Download Submit
  • memory/4072-130-0x00000000043A8000-0x000000000461F000-memory.dmp
    Filesize

    2.5MB

    Download
  • memory/4072-131-0x0000000004620000-0x00000000048AB000-memory.dmp
    Filesize

    2.5MB

    Download
  • memory/4072-141-0x0000000000400000-0x00000000026EA000-memory.dmp
    Filesize

    34.9MB

    Download
  • memory/4536-137-0x0000000000000000-mapping.dmp
    Download
  • memory/4536-140-0x0000000002120000-0x000000000238B000-memory.dmp
    Filesize

    2.4MB

    Download
  • memory/4652-132-0x0000000000000000-mapping.dmp
    Download
  • memory/4652-136-0x00000000025B0000-0x000000000281B000-memory.dmp
    Filesize

    2.4MB

    Download