danabot | 00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3

Analysis

max time kernel
144s
max time network
146s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
23/09/2022, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe
Size

1.3MB
MD5

60000415462fcb36858934bf2090206f
SHA1

0f3d6297770ee6cc65e9fd0d91d9b6fa92a5eae0
SHA256

00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3
SHA512

063a6ab23df1d723929d183ad7bb88ec70bf7ae215ebf761708e72c17db31333dbba26977a051b2cfb7f89e2e6e24c0fd408304e5b18ff1ea2d90d660261772d
SSDEEP

24576:5p5jHWW9yPz6IVI0RG9go6DdjnNVASgd+6y03P7eTr:5p9HWWcPnXWuJjnMS03PC

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3548	2360	WerFault.exe	65
3628	2360	WerFault.exe	65

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 3488	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	66
PID 2360 wrote to memory of 3488	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	66
PID 2360 wrote to memory of 3488	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	66
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69
PID 2360 wrote to memory of 4040	2360	00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe	69

C:\Users\Admin\AppData\Local\Temp\00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe
"C:\Users\Admin\AppData\Local\Temp\00da54a3d1f5c38cd0ceeb76ba100df57c16da087948027170179bad9362e6e3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:3488
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  PID:4040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 604
  2⤵
  - Program crash
  PID:3548
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 640
  2⤵
  - Program crash
  PID:3628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2360-151-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-168-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2360-122-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-123-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-125-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-124-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-126-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-127-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-128-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-129-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-130-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-131-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-132-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-133-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-134-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-136-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-137-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-138-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-139-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-140-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-141-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-142-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-143-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-144-0x0000000002420000-0x0000000002554000-memory.dmp

Filesize
1.2MB

Download
memory/2360-145-0x00000000025C0000-0x000000000289B000-memory.dmp

Filesize
2.9MB

Download
memory/2360-146-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-147-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-148-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-149-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-165-0x0000000002420000-0x0000000002554000-memory.dmp

Filesize
1.2MB

Download
memory/2360-121-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-120-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-150-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-166-0x00000000025C0000-0x000000000289B000-memory.dmp

Filesize
2.9MB

Download
memory/2360-167-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2360-152-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2360-169-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-181-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2360-180-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-179-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-178-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-177-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-176-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-175-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-170-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-172-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-171-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2360-173-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/2360-174-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-158-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-159-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-157-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-156-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-155-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-154-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-160-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-161-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-162-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-163-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download
memory/3488-164-0x00000000776F0000-0x000000007787E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads