Overview

overview

10

Static

static

malware_sm...82.exe

windows7-x64

10

malware_sm...82.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    190s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2022 14:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    malware_smoke_1895150882.exe

  • Size

    1.0MB

  • MD5

    c53c1a89163132347f76dd22ab3741cc

  • SHA1

    026cd76399273a5691555bf058f6b5c0aa56cc50

  • SHA256

    e10640bc90b1c9fe36be71c79b107140b95a541611358c2627b516f3ae58e397

  • SHA512

    4fd035370232c85fb04f0af16742e5ecbb51235a5adfebf2bf2568637a39d2614165274caceaf0bc6cbdaa9fad977a5e7470d55287cc0a1eecde6362175f3864

  • SSDEEP

    24576:JgMcEVieKUHklvhYLSlVf/Ja4rITxX0x8kKMsyNv:JPcAimElw6enTxkx8kK7yN

Score
10/10
danabot5bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

5

C2

23.254.133.7:443

213.227.155.102:443
Attributes
  • embedded_hash

    12DF5314C5FDA13D9BF397EE140FD5E8

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Blocklisted process makes network request 47 IoCs
  • Suspicious use of WriteProcessMemory 41 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\malware_smoke_1895150882.exe
    "C:\Users\Admin\AppData\Local\Temp\malware_smoke_1895150882.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Windows\syswow64\rundll32.exe
      "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
      2⤵
      • Blocklisted process makes network request
      PID:1660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1660-77-0x0000000000170000-0x0000000000172000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-85-0x0000000000230000-0x0000000000232000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-88-0x0000000000240000-0x0000000000242000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-63-0x0000000000090000-0x0000000000092000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-64-0x00000000000A0000-0x00000000000A2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-59-0x00000000002F0000-0x00000000002F2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-61-0x0000000000000000-mapping.dmp
    Download
  • memory/1660-76-0x0000000000160000-0x0000000000162000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-84-0x0000000000220000-0x0000000000222000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-86-0x0000000000240000-0x0000000000242000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-83-0x00000000001D0000-0x00000000001D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-82-0x00000000001C0000-0x00000000001C2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-81-0x00000000001B0000-0x00000000001B2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-75-0x0000000000150000-0x0000000000152000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-79-0x0000000000190000-0x0000000000192000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-78-0x0000000000180000-0x0000000000182000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-65-0x00000000000B0000-0x00000000000B2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-66-0x00000000000C0000-0x00000000000C2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-80-0x00000000001A0000-0x00000000001A2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-74-0x0000000000140000-0x0000000000142000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-73-0x0000000000130000-0x0000000000132000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-72-0x0000000000120000-0x0000000000122000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-71-0x0000000000110000-0x0000000000112000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-70-0x0000000000100000-0x0000000000102000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-69-0x00000000000F0000-0x00000000000F2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-68-0x00000000000E0000-0x00000000000E2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1660-67-0x00000000000D0000-0x00000000000D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1956-55-0x0000000000670000-0x000000000073A000-memory.dmp
    Filesize

    808KB

    Download
  • memory/1956-57-0x0000000000400000-0x00000000005FE000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1956-58-0x0000000074F01000-0x0000000074F03000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1956-54-0x0000000000670000-0x000000000073A000-memory.dmp
    Filesize

    808KB

    Download
  • memory/1956-87-0x0000000000400000-0x00000000005FE000-memory.dmp
    Filesize

    2.0MB

    Download
  • memory/1956-56-0x0000000001EB0000-0x00000000020A3000-memory.dmp
    Filesize

    1.9MB

    Download