danabot | abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af

Analysis

max time kernel
109s
max time network
114s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
19/10/2022, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe
Size

1.3MB
MD5

76382b7d0f6adf19177349a6bba70871
SHA1

aebd1817e812aba0256e6601dc0d6b50422f6978
SHA256

abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af
SHA512

905f20366cceb2e6768ce2c918b08f2876a23065517351fc5d6bd67af62297ae3acd77c7083a78b9d83415517dab5fa95a5734536a743ba31c8834848f9e3537
SSDEEP

24576:4T0rUloXAX1f/E6Afb7r2kfFDih9OAUPkYuaatFz+cGMmaXG+mu9pjRjdQ5:4TEUOE1PAfJFOh9OAkk9vFRG0vVBdQ5

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3796	3040	WerFault.exe	65
1996	3040	WerFault.exe	65

Suspicious use of WriteProcessMemory 26 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 4788	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	66
PID 3040 wrote to memory of 4788	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	66
PID 3040 wrote to memory of 4788	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	66
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70
PID 3040 wrote to memory of 4536	3040	abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe	70

C:\Users\Admin\AppData\Local\Temp\abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe
"C:\Users\Admin\AppData\Local\Temp\abe0c546fa9e5be61b51f294b2ac934285d755e0cedff611e382005109dd94af.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\appidtel.exe
  C:\Windows\system32\appidtel.exe
  2⤵
  PID:4788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 612
  2⤵
  - Program crash
  PID:3796
- C:\Windows\syswow64\rundll32.exe
  "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
  2⤵
  PID:4536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 636
  2⤵
  - Program crash
  PID:1996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3040-149-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-166-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3040-120-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-121-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-122-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-123-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-124-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-126-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-127-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-128-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-129-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-130-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-131-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-132-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-133-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-134-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-136-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-135-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-137-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-138-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-139-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-140-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-141-0x00000000009B0000-0x0000000000AD2000-memory.dmp

Filesize
1.1MB

Download
memory/3040-143-0x00000000024A0000-0x0000000002762000-memory.dmp

Filesize
2.8MB

Download
memory/3040-142-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-144-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-145-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-146-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-147-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-163-0x00000000009B0000-0x0000000000AD2000-memory.dmp

Filesize
1.1MB

Download
memory/3040-119-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-118-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-148-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-164-0x00000000024A0000-0x0000000002762000-memory.dmp

Filesize
2.8MB

Download
memory/3040-165-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3040-155-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3040-179-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3040-178-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-177-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-176-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-175-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-174-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-173-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-172-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-167-0x0000000000400000-0x00000000006CE000-memory.dmp

Filesize
2.8MB

Download
memory/3040-168-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-169-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-170-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/3040-171-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-160-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-159-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-158-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-153-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-154-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-152-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-151-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-161-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-162-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-157-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download
memory/4788-156-0x00000000779B0000-0x0000000077B3E000-memory.dmp

Filesize
1.6MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads