danabot | 6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960

Analysis

max time kernel
205s
max time network
172s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
12-10-2022 05:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe
Size

1.2MB
MD5

e70c8bbbd8faa7cb8fb555f6bbe98a12
SHA1

c6c1d1fa31fe1d2906ef7837c1151a1d13a80679
SHA256

6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960
SHA512

3029d003a4d59dff4549959a030407f47136cfd8b85c985bd55aa800590579e95183d50de740c09cacc7fe2e9113d162c3b1296d7b2dff679c4a77ab7aded0ef
SSDEEP

24576:xImPENtb1LF4cCysOYImXOO9u8TFYFfZd4rj9YlmAxOZppvOGTJ/u:xLsfAIo40S9ZeRkmAxOHpvOG1G

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3420	2748	WerFault.exe	65
1812	2748	WerFault.exe	65
4288	2748	WerFault.exe	65

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 4092	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	66
PID 2748 wrote to memory of 4092	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	66
PID 2748 wrote to memory of 4092	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	66
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69
PID 2748 wrote to memory of 5088	2748	6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe	69

C:\Users\Admin\AppData\Local\Temp\6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe
"C:\Users\Admin\AppData\Local\Temp\6563565af9b7b4e106e8687f64a80922b10dc33e3f4020b07b8b640575d35960.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:4092
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  PID:5088
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 608
  2⤵
  - Program crash
  PID:3420
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 632
  2⤵
  - Program crash
  PID:1812
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 640
  2⤵
  - Program crash
  PID:4288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2748-146-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-122-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-116-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-118-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-119-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-120-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-121-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-115-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-123-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-124-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-125-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-126-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-127-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-128-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-129-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-131-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-132-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-133-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-134-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-135-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-136-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-137-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-138-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-139-0x00000000024E0000-0x0000000002615000-memory.dmp

Filesize
1.2MB

Download
memory/2748-140-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-142-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-141-0x0000000002620000-0x00000000028FB000-memory.dmp

Filesize
2.9MB

Download
memory/2748-143-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-144-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-145-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-160-0x00000000024E0000-0x0000000002615000-memory.dmp

Filesize
1.2MB

Download
memory/2748-147-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2748-117-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-161-0x0000000002620000-0x00000000028FB000-memory.dmp

Filesize
2.9MB

Download
memory/2748-162-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2748-163-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2748-164-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-176-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2748-175-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-174-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-173-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-172-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-171-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-170-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-165-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-166-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-167-0x0000000000400000-0x00000000006E8000-memory.dmp

Filesize
2.9MB

Download
memory/2748-168-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-169-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-154-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-153-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-152-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-151-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-150-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-149-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-155-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-156-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-157-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-158-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/4092-159-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads