danabot | fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7

Analysis

max time kernel
145s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
10-10-2022 14:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe
Size

1.3MB
MD5

a3239e7df1bfb004caf752e494c8eccf
SHA1

6b1d840b21a1df3c5ef1c1488f21109cdb4a6c6b
SHA256

fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7
SHA512

724ac4e3bab9856ae2ae433726c6d3f369881fea36fd28edb19aec04e893006149e0c459128900bd136a439f6149ba8aba5d6d96478bada68d7258b1336f5b3e
SSDEEP

24576:UjnHBfXpFET6ubBp3eVp7hzM4uLUC2fANyPQ6s5yir7yu0av6CfgmVpie1QxE+vi:UjnhfXpFET3BpCpdt0l2fSyPClyCfLV8

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3584	3828	WerFault.exe	65
2020	3828	WerFault.exe	65

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3828 wrote to memory of 4784	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	66
PID 3828 wrote to memory of 4784	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	66
PID 3828 wrote to memory of 4784	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	66
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69
PID 3828 wrote to memory of 4656	3828	fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe	69

C:\Users\Admin\AppData\Local\Temp\fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe
"C:\Users\Admin\AppData\Local\Temp\fe6e6d5a27213b800e118188f7e0375537ed109c2c5ded0c9e3915f70be64ed7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3828
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:4784
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  PID:4656
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 604
  2⤵
  - Program crash
  PID:3584
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 580
  2⤵
  - Program crash
  PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3828-165-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-176-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-118-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-119-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-120-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-121-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-122-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-123-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-124-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-125-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-180-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3828-128-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-127-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-129-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-131-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-132-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-133-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-134-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-135-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-136-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-137-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-138-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-139-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-140-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-141-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-142-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-143-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-144-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-145-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-146-0x0000000000B80000-0x0000000000CA1000-memory.dmp

Filesize
1.1MB

Download
memory/3828-178-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-117-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-126-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-179-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-147-0x0000000002500000-0x00000000027C2000-memory.dmp

Filesize
2.8MB

Download
memory/3828-177-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-175-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-174-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-173-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-172-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-171-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-158-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3828-170-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-169-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-161-0x0000000000B80000-0x0000000000CA1000-memory.dmp

Filesize
1.1MB

Download
memory/3828-162-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3828-163-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3828-164-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3828-116-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-166-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-167-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/3828-168-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-156-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-160-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-159-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-157-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-155-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-154-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-153-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-152-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-151-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-150-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download
memory/4784-149-0x0000000077440000-0x00000000775CE000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads