Overview

overview

10

Static

static

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    306s
  • max time network
    319s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/10/2022, 06:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9ee17179fc36fbc73d255264aff87becb1b041e1debcd0a8ed584984642dbb67.exe

  • Size

    1.9MB

  • MD5

    43ea96e5e940e855f73c5c6b9ffabb2d

  • SHA1

    677d621678417dcc4abf832686f0c8f1c5a00fc1

  • SHA256

    9ee17179fc36fbc73d255264aff87becb1b041e1debcd0a8ed584984642dbb67

  • SHA512

    cc7d3a1a1cd826e2f7459e24dd3bb25794c906527114118fba370a1243eb1527c5b163a04a80645d13844b42d19ffb9a364ffc6a5e8233a1b0efd4e82af79b75

  • SSDEEP

    49152:Q5VJWv/QA9dvKpEQ2zJFu+Vp9LLvYcKzdtncU/FILb7:Q5XWvYAmIJFbdQlpu/

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

23.254.226.20:443

198.15.112.179:443

66.85.147.23:443
Attributes
  • embedded_hash

    8AA34A6CD5B6C9D509DB2C72E1AE6D88

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ee17179fc36fbc73d255264aff87becb1b041e1debcd0a8ed584984642dbb67.exe
    "C:\Users\Admin\AppData\Local\Temp\9ee17179fc36fbc73d255264aff87becb1b041e1debcd0a8ed584984642dbb67.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Dhfrwpy.dll,start C:\Users\Admin\AppData\Local\Temp\9EE171~1.EXE
      2⤵
      • Loads dropped DLL
      PID:3476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Dhfrwpy.dll
    Filesize

    2.6MB

    MD5

    03528423ab726a2474cbfb386d14817e

    SHA1

    5e973a84f864e0f0313f11c7f381faf443c42017

    SHA256

    b137893c1a7d264e51479a9f4b73ba8a0322d4a62a0834750b04bf43574087d1

    SHA512

    866f26f2d7e4e219f3178bf0ea927751c5a151d6f0573f33ab40ae80b426ee891dd0af28ff0a2c558b72b4a24adf73026a0e8345a3707c597a109576724c30f4

    Download Submit

  • \Users\Admin\AppData\Local\Temp\Dhfrwpy.dll
    Filesize

    2.6MB

    MD5

    03528423ab726a2474cbfb386d14817e

    SHA1

    5e973a84f864e0f0313f11c7f381faf443c42017

    SHA256

    b137893c1a7d264e51479a9f4b73ba8a0322d4a62a0834750b04bf43574087d1

    SHA512

    866f26f2d7e4e219f3178bf0ea927751c5a151d6f0573f33ab40ae80b426ee891dd0af28ff0a2c558b72b4a24adf73026a0e8345a3707c597a109576724c30f4

    Download Submit

  • memory/2784-120-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-121-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-122-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-123-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-124-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-125-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-126-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-127-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-128-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-129-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-130-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-131-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-132-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-133-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-134-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-135-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-136-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-137-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-138-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-139-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-140-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-141-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-142-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-143-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-144-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-145-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-147-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-148-0x0000000004BF0000-0x0000000004DB7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2784-149-0x0000000004DC0000-0x0000000004FB2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2784-150-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-151-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-152-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-153-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-154-0x0000000000400000-0x0000000002D37000-memory.dmp

    Filesize

    41.2MB

    Download

  • memory/2784-155-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-156-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-157-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-158-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-159-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-160-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-161-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-162-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-163-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-164-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-165-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/2784-166-0x0000000004BF0000-0x0000000004DB7000-memory.dmp

    Filesize

    1.8MB

    Download

  • memory/2784-167-0x0000000004DC0000-0x0000000004FB2000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2784-168-0x0000000000400000-0x0000000002D37000-memory.dmp

    Filesize

    41.2MB

    Download

  • memory/2784-179-0x0000000000400000-0x0000000002D37000-memory.dmp

    Filesize

    41.2MB

    Download

  • memory/3476-170-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-171-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-172-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-173-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-174-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-175-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-176-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-177-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-178-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-180-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-181-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-182-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-183-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-184-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-185-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-186-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-187-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-188-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-189-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-190-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-191-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-192-0x00000000772C0000-0x000000007744E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/3476-218-0x0000000000400000-0x00000000006A9000-memory.dmp

    Filesize

    2.7MB

    Download

  • memory/3476-224-0x0000000000400000-0x00000000006A9000-memory.dmp

    Filesize

    2.7MB

    Download