danabot | ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd

Analysis

max time kernel
145s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
30-09-2022 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe
Size

1.2MB
MD5

c2bab2d93261bf3982970f6ede2d21e6
SHA1

c241d1f26e88fe0070be180577344d6823d55ae1
SHA256

ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd
SHA512

206ad6b129f4ef0f6f4c0161aac051727e9ab73ff2c8b1110d96bd200c02105663b84839e809ada3f20b59585dd95a03b17300d67aabed6e547d9af42b8a702d
SSDEEP

24576:mGBWbwMDmHdYeXp3S2ltejdTKaQP4Ij4OhwMjHjEUchRMnijD3ivOX00auCbxaC:tOXDCt5S2CdPQgIwMjwthRMnOP0zD9

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
A813CAF845B5703DA814AF785BB60B21
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3584	3828	WerFault.exe	65

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3828 wrote to memory of 4864	3828	ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe	66
PID 3828 wrote to memory of 4864	3828	ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe	66
PID 3828 wrote to memory of 4864	3828	ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe	66

C:\Users\Admin\AppData\Local\Temp\ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe
"C:\Users\Admin\AppData\Local\Temp\ca13939ac1036e568800fc1ae1cead04ea7250a75e084ec76df7694e37f1d1dd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3828
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:4864
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 572
  2⤵
  - Program crash
  PID:3584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3828-147-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-123-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-118-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-119-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-120-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-121-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-122-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-116-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-124-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-125-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-126-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-127-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-128-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-129-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-130-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-132-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-133-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-134-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-135-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-137-0x00000000024F0000-0x000000000261F000-memory.dmp

Filesize
1.2MB

Download
memory/3828-136-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-139-0x0000000002620000-0x00000000028EE000-memory.dmp

Filesize
2.8MB

Download
memory/3828-140-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-138-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-141-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-142-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-143-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-144-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-145-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-146-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-161-0x00000000024F0000-0x000000000261F000-memory.dmp

Filesize
1.2MB

Download
memory/3828-158-0x0000000000400000-0x00000000006DA000-memory.dmp

Filesize
2.9MB

Download
memory/3828-117-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-162-0x0000000002620000-0x00000000028EE000-memory.dmp

Filesize
2.8MB

Download
memory/3828-163-0x0000000000400000-0x00000000006DA000-memory.dmp

Filesize
2.9MB

Download
memory/3828-164-0x0000000000400000-0x00000000006DA000-memory.dmp

Filesize
2.9MB

Download
memory/3828-177-0x0000000000400000-0x00000000006DA000-memory.dmp

Filesize
2.9MB

Download
memory/3828-176-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-175-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-174-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-173-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-172-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-171-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-170-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-165-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-166-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-167-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-169-0x0000000000400000-0x00000000006DA000-memory.dmp

Filesize
2.9MB

Download
memory/3828-168-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-155-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-154-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-153-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-152-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-151-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-150-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-149-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-148-0x0000000000000000-mapping.dmp

Download
memory/4864-156-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-157-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-160-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4864-159-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads