danabot | 5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551

Analysis

max time kernel
86s
max time network
142s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
08/10/2022, 11:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe
Size

1.3MB
MD5

c52a84100b9087a2f012b0c4518b34f5
SHA1

ee2d7f28779e2b0e66678b1566d02d8c2f8afc82
SHA256

5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551
SHA512

648d5c210340f3a3aae357d52eb8325878f5fe22e6a04fb48ba9f514d4a9ff914e8b683eda17ff9f009ff79aeafc5b4d780286875fa967e2ba40a0643d960bcc
SSDEEP

24576:LkNdZZ2WeYXLILyHqnKXjhnQL4l/T5uHfYddHbLqQjDsH:LsjrdVM4hVu/Yd9

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 2 IoCs

pid	pid_target	Process	procid_target
996	3048	WerFault.exe	65
2900	3048	WerFault.exe	65

Suspicious use of WriteProcessMemory 17 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 1940	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	66
PID 3048 wrote to memory of 1940	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	66
PID 3048 wrote to memory of 1940	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	66
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68
PID 3048 wrote to memory of 2432	3048	5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe	68

C:\Users\Admin\AppData\Local\Temp\5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe
"C:\Users\Admin\AppData\Local\Temp\5bf179d7a0b5939cecd4cd9bd387d75b69f2691be0d251cbea9fbdff3580c551.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:1940
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  PID:2432
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 616
  2⤵
  - Program crash
  PID:996
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 592
  2⤵
  - Program crash
  PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1940-164-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-163-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-162-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-161-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-160-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-159-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-158-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-156-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-155-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-154-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/1940-153-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-151-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-130-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-134-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-135-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-136-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-137-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-138-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-139-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-140-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-141-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-143-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-144-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-145-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-146-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-147-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-148-0x0000000002430000-0x0000000002553000-memory.dmp

Filesize
1.1MB

Download
memory/3048-149-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-120-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-150-0x00000000025A0000-0x0000000002862000-memory.dmp

Filesize
2.8MB

Download
memory/3048-125-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-127-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-129-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-132-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-157-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3048-131-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-133-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-128-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-126-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-124-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-123-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-122-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-121-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-165-0x0000000002430000-0x0000000002553000-memory.dmp

Filesize
1.1MB

Download
memory/3048-166-0x00000000025A0000-0x0000000002862000-memory.dmp

Filesize
2.8MB

Download
memory/3048-167-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3048-168-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3048-169-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3048-170-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-171-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-172-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-173-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-174-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-175-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-176-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-177-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-178-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-179-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-180-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-181-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-182-0x0000000077C80000-0x0000000077E0E000-memory.dmp

Filesize
1.6MB

Download
memory/3048-183-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads