danabot | 99ff77d2dd4c686a7e9b1a1c64187b97e9e5631b9e72bbd88d16ab0c94bc78c3

Analysis

max time kernel
84s
max time network
59s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
06/10/2022, 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

99ff77d2dd4c686a7e9b1a1c64187b97e9e5631b9e72bbd88d16ab0c94bc78c3.exe
Size

4.5MB
MD5

b359054ea037356741088d19fe85c353
SHA1

005a81a52243baed19f7c6cf61b461f09eaa7ef0
SHA256

99ff77d2dd4c686a7e9b1a1c64187b97e9e5631b9e72bbd88d16ab0c94bc78c3
SHA512

54b14d73c914082cb7179e114963bfccb6424b0ec3d6ea3414284cb1208b4fcd9651fd44f28b1e3ab9bc2cf547a680ffe3990ff11d110770ae6d4b8f04c59f6e
SSDEEP

98304:ENJssLJHPIEBnh9+vNsCfkSdWJymnokAg32VU1iCj1sT/Yusl:Es4tPjnh968YgokA3Z5sl

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
EAD30BF58E340E9E105B328F524565E0
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 3952	3068	99ff77d2dd4c686a7e9b1a1c64187b97e9e5631b9e72bbd88d16ab0c94bc78c3.exe	66
PID 3068 wrote to memory of 3952	3068	99ff77d2dd4c686a7e9b1a1c64187b97e9e5631b9e72bbd88d16ab0c94bc78c3.exe	66
PID 3068 wrote to memory of 3952	3068	99ff77d2dd4c686a7e9b1a1c64187b97e9e5631b9e72bbd88d16ab0c94bc78c3.exe	66

C:\Users\Admin\AppData\Local\Temp\99ff77d2dd4c686a7e9b1a1c64187b97e9e5631b9e72bbd88d16ab0c94bc78c3.exe
"C:\Users\Admin\AppData\Local\Temp\99ff77d2dd4c686a7e9b1a1c64187b97e9e5631b9e72bbd88d16ab0c94bc78c3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:3952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3068-145-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-140-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-122-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-123-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-124-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-125-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-126-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-127-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-128-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-129-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-130-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-131-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-132-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-133-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-134-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-135-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-136-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-137-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-139-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-146-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-141-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-138-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-143-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-144-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-121-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-120-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-147-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-149-0x0000000002870000-0x0000000002CDC000-memory.dmp

Filesize
4.4MB

Download
memory/3068-148-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-151-0x0000000002CE0000-0x00000000032F6000-memory.dmp

Filesize
6.1MB

Download
memory/3068-150-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-170-0x0000000000400000-0x0000000000A22000-memory.dmp

Filesize
6.1MB

Download
memory/3068-169-0x0000000000400000-0x0000000000A22000-memory.dmp

Filesize
6.1MB

Download
memory/3068-168-0x0000000000400000-0x0000000000A22000-memory.dmp

Filesize
6.1MB

Download
memory/3068-167-0x0000000000400000-0x0000000000A22000-memory.dmp

Filesize
6.1MB

Download
memory/3068-166-0x0000000002CE0000-0x00000000032F6000-memory.dmp

Filesize
6.1MB

Download
memory/3068-156-0x0000000000400000-0x0000000000A22000-memory.dmp

Filesize
6.1MB

Download
memory/3068-165-0x0000000002870000-0x0000000002CDC000-memory.dmp

Filesize
4.4MB

Download
memory/3952-163-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3952-160-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3952-161-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3952-162-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3952-159-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3952-164-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3952-158-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3952-157-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3952-154-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3952-155-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download
memory/3952-153-0x0000000077DB0000-0x0000000077F3E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads