danabot | 221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539

Analysis

max time kernel
316s
max time network
320s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
12/10/2022, 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe
Size

1.3MB
MD5

4015906016f5a97e82516c5313add3ec
SHA1

b5335aa1cc93ed08a37f22bef57ccb986ef862d9
SHA256

221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539
SHA512

2c8eac5f8f672b6c56430622331a4adc24a0fb18a5b6e34fd4b6a78c3712b6099e7bc770415c61b7792cdcaa4093e122e16e6475f917029aa682d80cace5908a
SSDEEP

24576:D/cPXh/olaaaRtNPCCBp7BwTevDaulxRA5zqT47egGoz6JqV17PFr4ah5Qrlj7:w5/4vaRtNPvBwTeb1A5+TKxj7Xl4ahC

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3648	3520	WerFault.exe	65

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 3520 wrote to memory of 4464	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	66
PID 3520 wrote to memory of 4464	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	66
PID 3520 wrote to memory of 4464	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	66
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69
PID 3520 wrote to memory of 2860	3520	221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe	69

C:\Users\Admin\AppData\Local\Temp\221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe
"C:\Users\Admin\AppData\Local\Temp\221572613439d57ea9311ef6b9e729c886cc273c9d9d73ce61f4ee8a65c44539.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3520
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:4464
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  PID:2860
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 624
  2⤵
  - Program crash
  PID:3648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3520-146-0x00000000025E0000-0x00000000028BB000-memory.dmp

Filesize
2.9MB

Download
memory/3520-119-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-117-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-118-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-115-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-120-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-121-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-122-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-123-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-124-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-125-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-126-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-127-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-128-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-129-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-131-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-132-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-133-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-134-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-135-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-136-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-137-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-138-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-139-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-140-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-141-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-142-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-143-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-116-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-175-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/3520-145-0x00000000024B0000-0x00000000025D8000-memory.dmp

Filesize
1.2MB

Download
memory/3520-147-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/3520-160-0x00000000024B0000-0x00000000025D8000-memory.dmp

Filesize
1.2MB

Download
memory/3520-161-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/3520-162-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/3520-163-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/3520-164-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-174-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-173-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-144-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-172-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-171-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-170-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-169-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-165-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-166-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-167-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/3520-168-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-154-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-153-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-150-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-152-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-149-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-151-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-155-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-156-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-157-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-158-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download
memory/4464-159-0x0000000076FE0000-0x000000007716E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads