danabot | 19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37

Analysis

max time kernel
302s
max time network
304s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
04/10/2022, 06:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37.exe
Size

2.0MB
MD5

5f69e3a8fe967d526555ad9be8945709
SHA1

2e72f271e87d057bf5abc1b1f3101aa93b5b41b4
SHA256

19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37
SHA512

215fbb0baff3351bdc6f25c8b8cbf1d3693f7bc63636aee9e0fe53e0f917da8f1cb47ed961d974bc01b655f71e233ad93c0aec2b4c176f47bf1cc90ffc8fd05d
SSDEEP

49152:pcgpXKjjTBmqr6zZrVaCxW5DkQ9OP0/TiIxLuOHVHM:pc4CjTBmquZo9S0/TvxHRM

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

23.254.226.20:443

198.15.112.179:443

66.85.147.23:443

Attributes

embedded_hash
8AA34A6CD5B6C9D509DB2C72E1AE6D88
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Blocklisted process makes network request 9 IoCs

flow	pid	Process
6	4648	rundll32.exe
7	4648	rundll32.exe
8	4648	rundll32.exe
9	4648	rundll32.exe
10	4648	rundll32.exe
11	4648	rundll32.exe
12	4648	rundll32.exe
13	4648	rundll32.exe
14	4648	rundll32.exe

Loads dropped DLL 1 IoCs

pid	Process
4648	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 4648	2664	19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37.exe	66
PID 2664 wrote to memory of 4648	2664	19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37.exe	66
PID 2664 wrote to memory of 4648	2664	19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37.exe	66

C:\Users\Admin\AppData\Local\Temp\19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37.exe
"C:\Users\Admin\AppData\Local\Temp\19a6bc39fe6abd8711a8bc650b651d3e434db4eb8b54ac92fd76ca664ecc9d37.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dhfrwpy.dll,start C:\Users\Admin\AppData\Local\Temp\19A6BC~1.EXE
  2⤵
  - Blocklisted process makes network request
  - Loads dropped DLL
  PID:4648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Dhfrwpy.dll

Filesize
2.6MB

MD5
03528423ab726a2474cbfb386d14817e

SHA1
5e973a84f864e0f0313f11c7f381faf443c42017

SHA256
b137893c1a7d264e51479a9f4b73ba8a0322d4a62a0834750b04bf43574087d1

SHA512
866f26f2d7e4e219f3178bf0ea927751c5a151d6f0573f33ab40ae80b426ee891dd0af28ff0a2c558b72b4a24adf73026a0e8345a3707c597a109576724c30f4

Download Submit
\Users\Admin\AppData\Local\Temp\Dhfrwpy.dll

Filesize
2.6MB

MD5
03528423ab726a2474cbfb386d14817e

SHA1
5e973a84f864e0f0313f11c7f381faf443c42017

SHA256
b137893c1a7d264e51479a9f4b73ba8a0322d4a62a0834750b04bf43574087d1

SHA512
866f26f2d7e4e219f3178bf0ea927751c5a151d6f0573f33ab40ae80b426ee891dd0af28ff0a2c558b72b4a24adf73026a0e8345a3707c597a109576724c30f4

Download Submit
memory/2664-115-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-116-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-117-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-118-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-119-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-120-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-121-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-122-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-123-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-124-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-125-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-126-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-127-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-128-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-129-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-131-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-132-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-133-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-134-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-135-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-137-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-136-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-138-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-139-0x0000000002790000-0x0000000002954000-memory.dmp

Filesize
1.8MB

Download
memory/2664-140-0x0000000002960000-0x0000000002B52000-memory.dmp

Filesize
1.9MB

Download
memory/2664-141-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-142-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-143-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-144-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-145-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-146-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-147-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-148-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-149-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-150-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-151-0x0000000000400000-0x00000000009F9000-memory.dmp

Filesize
6.0MB

Download
memory/2664-153-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-152-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-154-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-155-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-156-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-157-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-158-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/2664-160-0x0000000002960000-0x0000000002B52000-memory.dmp

Filesize
1.9MB

Download
memory/2664-159-0x0000000002790000-0x0000000002954000-memory.dmp

Filesize
1.8MB

Download
memory/2664-161-0x0000000000400000-0x00000000009F9000-memory.dmp

Filesize
6.0MB

Download
memory/2664-165-0x0000000000400000-0x00000000009F9000-memory.dmp

Filesize
6.0MB

Download
memory/4648-163-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-164-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-166-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-167-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-168-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-169-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-170-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-171-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-172-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-173-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-175-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-174-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-177-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-176-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-178-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-179-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-180-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-181-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-182-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-183-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-184-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-185-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-186-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-187-0x00000000775D0000-0x000000007775E000-memory.dmp

Filesize
1.6MB

Download
memory/4648-210-0x0000000000400000-0x00000000006A9000-memory.dmp

Filesize
2.7MB

Download
memory/4648-217-0x0000000000400000-0x00000000006A9000-memory.dmp

Filesize
2.7MB

Download