danabot | c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de

General

Target

c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe
Size

1.3MB
MD5

0d04f4dcf1c8057b6ed68057444a68a8
SHA1

c5c089025aef15d1aaa13c746f597bcb57fc45ce
SHA256

c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de
SHA512

46a42550b0996c9875f7e68afa21b32437f013d2b3a8db7b6965b86ded369c3ef9dfbcbbc11904c58456e1d5919dea897b1f59455ea77af016c901e43b0984b2
SSDEEP

24576:pWKyw5yKcZOf4HnqHcBt9mVc5HEzj3D5M4vAifzq2sgUuOks:x5yKcYUnqHc8+HWz5M4vAiukFs

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
1596	2252	WerFault.exe	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe
3996	2252	WerFault.exe	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe

Suspicious use of WriteProcessMemory 13 IoCs

Processes:

c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe

description	pid	process	target process
PID 2252 wrote to memory of 4148	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	appidtel.exe
PID 2252 wrote to memory of 4148	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	appidtel.exe
PID 2252 wrote to memory of 4148	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	appidtel.exe
PID 2252 wrote to memory of 3700	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	rundll32.exe
PID 2252 wrote to memory of 3700	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	rundll32.exe
PID 2252 wrote to memory of 3700	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	rundll32.exe
PID 2252 wrote to memory of 3700	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	rundll32.exe
PID 2252 wrote to memory of 3700	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	rundll32.exe
PID 2252 wrote to memory of 3700	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	rundll32.exe
PID 2252 wrote to memory of 3700	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	rundll32.exe
PID 2252 wrote to memory of 3700	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	rundll32.exe
PID 2252 wrote to memory of 3700	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	rundll32.exe
PID 2252 wrote to memory of 3700	2252	c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe	rundll32.exe

C:\Users\Admin\AppData\Local\Temp\c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe
"C:\Users\Admin\AppData\Local\Temp\c13e4751e60749c9f221b107efbc807514299c8452346f5fdf07de91fc47c7de.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2252

C:\Windows\SysWOW64\appidtel.exe
C:\Windows\system32\appidtel.exe
2⤵
PID:4148

C:\Windows\syswow64\rundll32.exe
"C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
2⤵
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 600
2⤵
- Program crash
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 624
2⤵
- Program crash
PID:3996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2252-145-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-120-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-116-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-119-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-146-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-121-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-122-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-123-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-125-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-124-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-126-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-127-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-128-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-129-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-130-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-132-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-133-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-134-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-136-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-135-0x0000000002450000-0x0000000002577000-memory.dmp

Filesize
1.2MB

Download
memory/2252-137-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-138-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-139-0x0000000002580000-0x000000000285B000-memory.dmp

Filesize
2.9MB

Download
memory/2252-140-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-147-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-142-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-143-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-144-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-118-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-117-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-141-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-154-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2252-161-0x0000000002580000-0x000000000285B000-memory.dmp

Filesize
2.9MB

Download
memory/2252-162-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2252-163-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-164-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-174-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2252-173-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-172-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-171-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-170-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-169-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-168-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-167-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-165-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/2252-166-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-156-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-155-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-153-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-152-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-151-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-150-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-149-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-148-0x0000000000000000-mapping.dmp

Download
memory/4148-157-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-158-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-159-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download
memory/4148-160-0x0000000077470000-0x00000000775FE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing