danabot | 380799a1cfe4311c17c4c6240ac65d8337e55679a547e57621ac3c8c9233315f | Triage

Analysis

max time kernel
172s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2022 12:37

Sharing

Report Analysis Logs

General

Target

malware_smoke_3900822290.exe
Size

1.1MB
MD5

aecb3fdebc29b15a92535bbbd21d295c
SHA1

aba867d33123b33a1d21f7db6f05472721e2f5ef
SHA256

380799a1cfe4311c17c4c6240ac65d8337e55679a547e57621ac3c8c9233315f
SHA512

6ec34ae1e2141c3faee6f724fb0f5ae998b574ac765bfac0c21d5915c416085f50b6b3f500ebe787b6efb61b36ee9a19807278ae64d2a68e4ff53d6a5c499f99
SSDEEP

24576:oiMdCm9+HP+xWXeHSoejsC5GL/6YkRkE26tW3Pk4d:o4NOKDw/6A84

Score

10^/10

danabot 5 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

5

Attributes

embedded_hash
C9710462E1D60893F562FB2B07EC3B66
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

C:\Users\Admin\AppData\Local\Temp\malware_smoke_3900822290.exe
"C:\Users\Admin\AppData\Local\Temp\malware_smoke_3900822290.exe"
1⤵
PID:3520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3520-132-0x0000000000921000-0x0000000000A02000-memory.dmp

Filesize
900KB

Download
memory/3520-133-0x00000000023B0000-0x00000000025DB000-memory.dmp

Filesize
2.2MB

Download
memory/3520-134-0x0000000000400000-0x0000000000637000-memory.dmp

Filesize
2.2MB

Download
memory/3520-135-0x0000000000400000-0x0000000000637000-memory.dmp

Filesize
2.2MB

Download
memory/3520-136-0x0000000000400000-0x0000000000637000-memory.dmp

Filesize
2.2MB

Download
memory/3520-137-0x0000000000400000-0x0000000000637000-memory.dmp

Filesize
2.2MB

Download