Overview

overview

10

Static

static

10

8c9c56a08b...2c.dll

windows7-x64

10

8c9c56a08b...2c.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    155s
  • max time network
    179s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220721-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220721-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-07-2022 09:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8c9c56a08b9cc58d1cc57309695ef07ce367a8a7bfac2485328919a954ea7f2c.dll

  • Size

    1.4MB

  • MD5

    6b448c6851f3235c9b3d0c24353c480f

  • SHA1

    f01bfd3a21a887bc85eb6b02baf28f7640513d03

  • SHA256

    8c9c56a08b9cc58d1cc57309695ef07ce367a8a7bfac2485328919a954ea7f2c

  • SHA512

    663df12c36a4817da30f88072d1195bbbd1b37a4023f0de67b62d0d4deef15bcbb4c2a025648186a22573dba3cd5480701925f0f30cddafff89c053790dffbf3

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

243.127.43.6

64.126.175.2

130.15.230.152

74.99.136.192

244.14.226.35

95.179.168.37

51.129.76.8

151.210.85.159

45.76.123.177

75.57.14.121
rsa_pubkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c9c56a08b9cc58d1cc57309695ef07ce367a8a7bfac2485328919a954ea7f2c.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c9c56a08b9cc58d1cc57309695ef07ce367a8a7bfac2485328919a954ea7f2c.dll,#1
      2⤵
        PID:4380
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 780
          3⤵
          • Program crash
          PID:2852
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4380 -ip 4380
      1⤵
        PID:3872

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4380-131-0x0000000002100000-0x000000000226B000-memory.dmp

        Filesize

        1.4MB

        Download