danabot | b09c865208a4ae4f0960b5acc8229e7964a5c237cc0dd3de82137c65afcd91be

General

Target

b09c865208a4ae4f0960b5acc8229e7964a5c237cc0dd3de82137c65afcd91be.exe
Size

1.3MB
MD5

5bca63386bbada2c021da12fae6e0a2b
SHA1

9ac800c5c720e0c4f6a21fdb27211c4a9a875452
SHA256

b09c865208a4ae4f0960b5acc8229e7964a5c237cc0dd3de82137c65afcd91be
SHA512

957f2cc397158d9784fb4c45349f16597c28837064a40b7865c291a29acf1cb2d21334efe5bb5e861f98cc1453d800ac0f60bc28d6b1aaed89d2b6463f376339
SSDEEP

24576:gxC2KKidDV9B6QuLVfWCd9ussFRArL4S81ax0q79AyFds5WLGsdtJO2Zctc666zT:gxCtHTALhWC7qcrAjELBdrDZct663

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

b09c865208a4ae4f0960b5acc8229e7964a5c237cc0dd3de82137c65afcd91be.exe

description	pid	process	target process
PID 2416 wrote to memory of 1516	2416	b09c865208a4ae4f0960b5acc8229e7964a5c237cc0dd3de82137c65afcd91be.exe	appidtel.exe
PID 2416 wrote to memory of 1516	2416	b09c865208a4ae4f0960b5acc8229e7964a5c237cc0dd3de82137c65afcd91be.exe	appidtel.exe
PID 2416 wrote to memory of 1516	2416	b09c865208a4ae4f0960b5acc8229e7964a5c237cc0dd3de82137c65afcd91be.exe	appidtel.exe

C:\Users\Admin\AppData\Local\Temp\b09c865208a4ae4f0960b5acc8229e7964a5c237cc0dd3de82137c65afcd91be.exe
"C:\Users\Admin\AppData\Local\Temp\b09c865208a4ae4f0960b5acc8229e7964a5c237cc0dd3de82137c65afcd91be.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2416

C:\Windows\SysWOW64\appidtel.exe
C:\Windows\system32\appidtel.exe
2⤵
PID:1516

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1516-151-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-164-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-163-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-162-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-157-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-161-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-160-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-159-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-153-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-156-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-155-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/1516-150-0x0000000000000000-mapping.dmp

Download
memory/2416-145-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-152-0x00000000032C0000-0x00000000033EF000-memory.dmp

Filesize
1.2MB

Download
memory/2416-135-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-136-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-137-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-138-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-139-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-140-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-141-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-142-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-143-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-144-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-120-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-146-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-147-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-148-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-149-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-132-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-131-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-133-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-130-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-154-0x0000000004C90000-0x0000000004F5C000-memory.dmp

Filesize
2.8MB

Download
memory/2416-129-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-128-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-158-0x0000000000400000-0x0000000002D3B000-memory.dmp

Filesize
41.2MB

Download
memory/2416-127-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-126-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-125-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-124-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-123-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-122-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-121-0x00000000774F0000-0x000000007767E000-memory.dmp

Filesize
1.6MB

Download
memory/2416-165-0x00000000032C0000-0x00000000033EF000-memory.dmp

Filesize
1.2MB

Download
memory/2416-166-0x0000000000400000-0x0000000002D3B000-memory.dmp

Filesize
41.2MB

Download
memory/2416-167-0x0000000000400000-0x0000000002D3B000-memory.dmp

Filesize
41.2MB

Download
memory/2416-168-0x0000000000400000-0x0000000002D3B000-memory.dmp

Filesize
41.2MB

Download
memory/2416-169-0x0000000000400000-0x0000000002D3B000-memory.dmp

Filesize
41.2MB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads