danabot | eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde

General

Target

eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe
Size

1.3MB
MD5

fab4703674fd0ca48c865ef3d39c24f7
SHA1

4a4ff8b08e6c49527ad85fe4e9da6c4aac671f5b
SHA256

eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde
SHA512

9daaa7930a01371eab490b115173ee4069da1cea712eef42454320d5b0269d82e9f0a0977d27c2b7e42f8e566704f8ccb6e997f8a3270a149a046098c85d981e
SSDEEP

24576:qM6dNsCjukiZaEhOU3e8BiiCBJpVilJ7UqmWx5Yj2yjLmbrPWGGoVJzp5ws3dH/L:/gdCaEQUXUiwJ7C7UeYFjimoVnTdH/L

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid	pid_target	process	target process
4768	2668	WerFault.exe	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe
5016	2668	WerFault.exe	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe

description	pid	process	target process
PID 2668 wrote to memory of 1956	2668	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe	appidtel.exe
PID 2668 wrote to memory of 1956	2668	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe	appidtel.exe
PID 2668 wrote to memory of 1956	2668	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe	appidtel.exe
PID 2668 wrote to memory of 4752	2668	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe	rundll32.exe
PID 2668 wrote to memory of 4752	2668	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe	rundll32.exe
PID 2668 wrote to memory of 4752	2668	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe	rundll32.exe
PID 2668 wrote to memory of 4752	2668	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe	rundll32.exe
PID 2668 wrote to memory of 4752	2668	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe	rundll32.exe
PID 2668 wrote to memory of 4752	2668	eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe	rundll32.exe

C:\Users\Admin\AppData\Local\Temp\eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe
"C:\Users\Admin\AppData\Local\Temp\eeb2bcfb0f5a224ff0fb309a89bac4fdaf9c59c5c125df22f2f35ff92637cbde.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2668

C:\Windows\SysWOW64\appidtel.exe
C:\Windows\system32\appidtel.exe
2⤵
PID:1956

C:\Windows\syswow64\rundll32.exe
"C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
2⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 612
2⤵
- Program crash
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 644
2⤵
- Program crash
PID:5016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1956-147-0x0000000000000000-mapping.dmp

Download
memory/1956-159-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1956-158-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1956-157-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1956-155-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1956-156-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1956-154-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1956-153-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1956-152-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1956-150-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1956-149-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/1956-148-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-146-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-122-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-129-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-131-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-132-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-133-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-134-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-135-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-136-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-137-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-138-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-139-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-141-0x0000000002420000-0x000000000254B000-memory.dmp

Filesize
1.2MB

Download
memory/2668-140-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-142-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-144-0x0000000002570000-0x000000000284B000-memory.dmp

Filesize
2.9MB

Download
memory/2668-145-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-115-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-143-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-127-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-126-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-125-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-151-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2668-124-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-123-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-128-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-121-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-120-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-119-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-118-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-117-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-116-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-160-0x0000000002420000-0x000000000254B000-memory.dmp

Filesize
1.2MB

Download
memory/2668-161-0x0000000002570000-0x000000000284B000-memory.dmp

Filesize
2.9MB

Download
memory/2668-162-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2668-163-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2668-164-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-165-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-166-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-168-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-167-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2668-169-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-170-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-171-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-172-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-173-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-174-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-175-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2668-176-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download

Analysis

Sharing