danabot | 7b7a64e87b2f0a2976ad94c4d9def2b9104f9ef02b8d7ef9d33ab44d2c20a48f

Analysis

max time kernel
82s
max time network
85s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
15-09-2022 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b7a64e87b2f0a2976ad94c4d9def2b9104f9ef02b8d7ef9d33ab44d2c20a48f.exe
Size

1.8MB
MD5

b662d03c37b93830614c032543cac61a
SHA1

0bda9df5ee83eb0e2f51cbba93e729276f0eb30d
SHA256

7b7a64e87b2f0a2976ad94c4d9def2b9104f9ef02b8d7ef9d33ab44d2c20a48f
SHA512

9fac4d43717455d27ae7a15d7f218f8a0ada44aebdd8f5055cdc677ce76b952c42acfaa9cae6057500be9549fedd712ae26ef74431358f33845998b19ef04713
SSDEEP

49152:2/jyjovVNEoo4R++CQ9SgtOAjkgM5S374K+zG:2/Wuy94R++CASgtdjfB8K+zG

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

103.144.139.228:443

213.227.154.98:443

66.85.147.23:443

153.92.223.225:443

Attributes

embedded_hash
A64A3A6ED13022027B84C77D31BE0C74
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Loads dropped DLL 1 IoCs

pid	Process
4588	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 4588	2584	7b7a64e87b2f0a2976ad94c4d9def2b9104f9ef02b8d7ef9d33ab44d2c20a48f.exe	66
PID 2584 wrote to memory of 4588	2584	7b7a64e87b2f0a2976ad94c4d9def2b9104f9ef02b8d7ef9d33ab44d2c20a48f.exe	66
PID 2584 wrote to memory of 4588	2584	7b7a64e87b2f0a2976ad94c4d9def2b9104f9ef02b8d7ef9d33ab44d2c20a48f.exe	66

C:\Users\Admin\AppData\Local\Temp\7b7a64e87b2f0a2976ad94c4d9def2b9104f9ef02b8d7ef9d33ab44d2c20a48f.exe
"C:\Users\Admin\AppData\Local\Temp\7b7a64e87b2f0a2976ad94c4d9def2b9104f9ef02b8d7ef9d33ab44d2c20a48f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Etfrehti.dll,start C:\Users\Admin\AppData\Local\Temp\7B7A64~1.EXE
  2⤵
  - Loads dropped DLL
  PID:4588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Etfrehti.dll

Filesize
2.5MB

MD5
d7a66ca4622307cefbaf2d548edf21c1

SHA1
d6e7396cf81fddc86bd9a6adb17dbec09fbd532d

SHA256
c692330b06a1c232eafe7e68f867c6f339ca9545834010b0997e19f936ad0b5d

SHA512
4d9e5fa064ea98af43d5fef363a69a593fdd0ae5f4b79db0794bd5b12e9ffd0c52bb53b7c7b08141f4a33ea7b786f2164504af3295ee9466477270e69b87f41c

Download Submit
\Users\Admin\AppData\Local\Temp\Etfrehti.dll

Filesize
2.5MB

MD5
d7a66ca4622307cefbaf2d548edf21c1

SHA1
d6e7396cf81fddc86bd9a6adb17dbec09fbd532d

SHA256
c692330b06a1c232eafe7e68f867c6f339ca9545834010b0997e19f936ad0b5d

SHA512
4d9e5fa064ea98af43d5fef363a69a593fdd0ae5f4b79db0794bd5b12e9ffd0c52bb53b7c7b08141f4a33ea7b786f2164504af3295ee9466477270e69b87f41c

Download Submit
memory/2584-117-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-118-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-119-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-120-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-121-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-122-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-123-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-124-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-125-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-126-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-127-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-128-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-129-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-130-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-131-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-132-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-133-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-134-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-135-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-136-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-137-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-138-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-139-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-141-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-142-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-143-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-144-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-145-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-146-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-147-0x0000000002510000-0x00000000026C8000-memory.dmp

Filesize
1.7MB

Download
memory/2584-148-0x00000000026D0000-0x00000000028AC000-memory.dmp

Filesize
1.9MB

Download
memory/2584-149-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-150-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-151-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-152-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-153-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-154-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-155-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-157-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/2584-156-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-158-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-159-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-160-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/2584-165-0x0000000000400000-0x00000000005E7000-memory.dmp

Filesize
1.9MB

Download
memory/4588-162-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-163-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-164-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-166-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-167-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-168-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-169-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-170-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-171-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-172-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-173-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-174-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-175-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-176-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-177-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-178-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-179-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-180-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-181-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-182-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-183-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-184-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-185-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-186-0x0000000077A40000-0x0000000077BCE000-memory.dmp

Filesize
1.6MB

Download
memory/4588-208-0x0000000000400000-0x0000000000694000-memory.dmp

Filesize
2.6MB

Download
memory/4588-216-0x0000000000400000-0x0000000000694000-memory.dmp

Filesize
2.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads