danabot | 68027593e9c91fe4f0e1412ed861dcd1d70b4bf1e101d907fd32d58fa95d3c04 | Triage

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220414-en
submitted
09/07/2022, 07:49 UTC

Sharing

Report Analysis Logs

General

Target

C88E21014F321E99295005388B9016DB.dll
Size

2.6MB
MD5

a114d7b1a54be867c02afced9031fb36
SHA1

5d1085a73bcb42afbe71c298ad0d2b0b304d5b2b
SHA256

68027593e9c91fe4f0e1412ed861dcd1d70b4bf1e101d907fd32d58fa95d3c04
SHA512

1fb96b51340e619ab2f62f3a2b2d009061198a7b300292363dedfa91ea58fc18929d33510e3648f3c78f69b8dfa5b1af66677cb352fdaa1ffc50f8403c0f389a

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

5.39.222.5:443

5.39.222.7:443

139.60.163.160:443

139.60.163.37:443

Attributes

embedded_hash
A128532C2B6B13F149C953BA34A9F24D
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 756 wrote to memory of 872	756	rundll32.exe	27
PID 756 wrote to memory of 872	756	rundll32.exe	27
PID 756 wrote to memory of 872	756	rundll32.exe	27
PID 756 wrote to memory of 872	756	rundll32.exe	27
PID 756 wrote to memory of 872	756	rundll32.exe	27
PID 756 wrote to memory of 872	756	rundll32.exe	27
PID 756 wrote to memory of 872	756	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\C88E21014F321E99295005388B9016DB.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\C88E21014F321E99295005388B9016DB.dll,#1
  2⤵
  PID:872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/872-55-0x00000000763E1000-0x00000000763E3000-memory.dmp

Filesize
8KB

Download
memory/872-56-0x0000000001EE0000-0x000000000218E000-memory.dmp

Filesize
2.7MB

Download
memory/872-57-0x0000000001EE0000-0x000000000218E000-memory.dmp

Filesize
2.7MB

Download
memory/872-58-0x0000000001EE0000-0x000000000218E000-memory.dmp

Filesize
2.7MB

Download