danabot | 287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748

Analysis

max time kernel
84s
max time network
143s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
27/09/2022, 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe
Size

1.4MB
MD5

a59ef7b3cc1f268b5b690d1adb70eaea
SHA1

5e23e9da8be9808620ed16bc139dae0d90219c70
SHA256

287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748
SHA512

84e58d976758629cac4bad8c8ed457f91b937ed8df6115bc187a1926107603d7ea45c58bde17808c4075020ec3762db95f4957c16a05dc1b1c4585a1e91c37e8
SSDEEP

24576:37TPLeD9dEc7QE0hhwC8PAtpcWpas53zX63WGIu/w6sP0fm2LzDEbPD/hA9fCCzD:rTPCD9K5hgAXcWpJzXvLb6O0rr8hA9fP

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3136	2656	WerFault.exe	65
1928	2656	WerFault.exe	65

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 3596	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	66
PID 2656 wrote to memory of 3596	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	66
PID 2656 wrote to memory of 3596	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	66
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69
PID 2656 wrote to memory of 4088	2656	287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe	69

C:\Users\Admin\AppData\Local\Temp\287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe
"C:\Users\Admin\AppData\Local\Temp\287a450c85acd94eb44313b69ee9f2926cfeb3359251efbface372e8e60e0748.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:3596
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  PID:4088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 616
  2⤵
  - Program crash
  PID:3136
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 584
  2⤵
  - Program crash
  PID:1928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2656-168-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2656-166-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2656-121-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-122-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-123-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-124-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-125-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-126-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-127-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-128-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-129-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-130-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-131-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-132-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-133-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-134-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-135-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-136-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-137-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-138-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-140-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-141-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-142-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-143-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-139-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-145-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-146-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-147-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-148-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-149-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-120-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-183-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2656-182-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-181-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-180-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-155-0x0000000002550000-0x0000000002683000-memory.dmp

Filesize
1.2MB

Download
memory/2656-159-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2656-179-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-178-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-177-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-176-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-175-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-174-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-173-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-157-0x0000000002750000-0x0000000002A2B000-memory.dmp

Filesize
2.9MB

Download
memory/2656-165-0x0000000002550000-0x0000000002683000-memory.dmp

Filesize
1.2MB

Download
memory/2656-172-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-167-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2656-119-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-169-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-170-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/2656-171-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-164-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-163-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-162-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-152-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-160-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-156-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-158-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-154-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-151-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-161-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download
memory/3596-153-0x0000000077770000-0x00000000778FE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads