danabot | 74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d

Analysis

max time kernel
97s
max time network
146s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
02-10-2022 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe
Size

1.2MB
MD5

46b75300c024839f9ee7075328e12d02
SHA1

6b1f459cc1aaf84cd39cf5057a944360e7c0ef84
SHA256

74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d
SHA512

73e99977476fb6a0a33f21bff4471ed8870f317261e9370a86ffe53c4d497591d648a2a208c0de2a6822089180c37c4dfc3f2cda3484fdfcd0e8a63ba1f21fb8
SSDEEP

24576:FhdCAM7aQ7kJNb8omMy3E2bLtHJ22SDyJP062Gp5:bdCdaQ7kTg8yBJquY

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

Attributes

embedded_hash
F11D3871631E16E8DE15C24B32328D98
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4972	388	WerFault.exe	65
2340	388	WerFault.exe	65

Suspicious use of WriteProcessMemory 23 IoCs

description	pid	Process	procid_target
PID 388 wrote to memory of 4628	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	66
PID 388 wrote to memory of 4628	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	66
PID 388 wrote to memory of 4628	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	66
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69
PID 388 wrote to memory of 5036	388	74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe	69

C:\Users\Admin\AppData\Local\Temp\74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe
"C:\Users\Admin\AppData\Local\Temp\74b3e70e9a92c985b24ac2efb1674d10c61f47280a9f9592d6501a0e6b471c2d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:388
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:4628
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  PID:5036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 604
  2⤵
  - Program crash
  PID:4972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 572
  2⤵
  - Program crash
  PID:2340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/388-148-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/388-131-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-117-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-118-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-119-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-120-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-121-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-122-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-123-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-124-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-125-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-128-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-129-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-161-0x0000000002560000-0x0000000002688000-memory.dmp

Filesize
1.2MB

Download
memory/388-132-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-133-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-134-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-135-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-130-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-127-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-126-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-137-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-138-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-139-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-140-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-141-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-142-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-143-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-145-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-147-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-162-0x0000000002690000-0x000000000294B000-memory.dmp

Filesize
2.7MB

Download
memory/388-144-0x0000000002560000-0x0000000002688000-memory.dmp

Filesize
1.2MB

Download
memory/388-165-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-116-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-146-0x0000000002690000-0x000000000294B000-memory.dmp

Filesize
2.7MB

Download
memory/388-163-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/388-164-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/388-115-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-181-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/388-180-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-179-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-178-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-177-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-176-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-175-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-167-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-166-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-168-0x0000000000400000-0x00000000006C7000-memory.dmp

Filesize
2.8MB

Download
memory/388-169-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-170-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-171-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-172-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-173-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/388-174-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-155-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-154-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-153-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-152-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-151-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-150-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-156-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-157-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-158-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-159-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download
memory/4628-160-0x0000000077DF0000-0x0000000077F7E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads