danabot | 5ef9be168751664f84385f33b62bef6a3617bb4aa5b482fefd5a4e2e16b76fc0

Analysis

max time kernel
48s
max time network
148s
platform
windows10-1703_x64
resource
win10-20220901-en
resource tags

arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
submitted
09-12-2022 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5ef9be168751664f84385f33b62bef6a3617bb4aa5b482fefd5a4e2e16b76fc0.exe
Size

2.5MB
MD5

ef4a25145ba4b158bcc06f4061a46250
SHA1

3fccbda67b5d2040265b732ad3a66ba0b6a16115
SHA256

5ef9be168751664f84385f33b62bef6a3617bb4aa5b482fefd5a4e2e16b76fc0
SHA512

f6bd47d4bc8feca4deba24a91664a0da7acca4f052d92679eeda9a9dd4f4756d103ef3db4e1f61a9f5a4437df22e4acd02d5acce19dc8929ff4e9c372554a3dd
SSDEEP

49152:mCAJ4YBXvqBXSrCLjtzfLMr9hjlZmF0LkYFCRA9E/MT9VvUbDlc/Dua:PAJ4YCVS4zDMJhuF0LkoGE38PCLua

Score

10^/10

danabot banker trojan

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
341D2FD1638BB267A80C7445E1909B57
type
loader

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Loads dropped DLL 1 IoCs

Processes:

rundll32.exe

pid process

2292 rundll32.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3308 2292 WerFault.exe rundll32.exe

pid	process
2292	rundll32.exe

pid	pid_target	process	target process
3308	2292	WerFault.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

5ef9be168751664f84385f33b62bef6a3617bb4aa5b482fefd5a4e2e16b76fc0.exe

description	pid	process	target process
PID 328 wrote to memory of 2292	328	5ef9be168751664f84385f33b62bef6a3617bb4aa5b482fefd5a4e2e16b76fc0.exe	rundll32.exe
PID 328 wrote to memory of 2292	328	5ef9be168751664f84385f33b62bef6a3617bb4aa5b482fefd5a4e2e16b76fc0.exe	rundll32.exe
PID 328 wrote to memory of 2292	328	5ef9be168751664f84385f33b62bef6a3617bb4aa5b482fefd5a4e2e16b76fc0.exe	rundll32.exe

C:\Users\Admin\AppData\Local\Temp\5ef9be168751664f84385f33b62bef6a3617bb4aa5b482fefd5a4e2e16b76fc0.exe
"C:\Users\Admin\AppData\Local\Temp\5ef9be168751664f84385f33b62bef6a3617bb4aa5b482fefd5a4e2e16b76fc0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:328

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Didddpquafu.dll,start
2⤵
- Loads dropped DLL
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 656
3⤵
- Program crash
PID:3308

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Didddpquafu.dll
Filesize
2.4MB

MD5
9c5176231813f89d805c9d3d062d15a4

SHA1
8399837cb835cb5cc6d62a2dcd5ae6074b4a73ef

SHA256
54151fdf5083d1fafa46c1220584a236cc99b3a012bd92fbafead6fbddca5fbc

SHA512
055c8e1c5e1a3431a68d7fa9e798aea55bf039df8a35cf052f02fece389f829323cf907ae799aecb5746adc26b47a6cfc0a732d781d906ebb0366658423356da

Download Submit
\Users\Admin\AppData\Local\Temp\Didddpquafu.dll
Filesize
2.4MB

MD5
9c5176231813f89d805c9d3d062d15a4

SHA1
8399837cb835cb5cc6d62a2dcd5ae6074b4a73ef

SHA256
54151fdf5083d1fafa46c1220584a236cc99b3a012bd92fbafead6fbddca5fbc

SHA512
055c8e1c5e1a3431a68d7fa9e798aea55bf039df8a35cf052f02fece389f829323cf907ae799aecb5746adc26b47a6cfc0a732d781d906ebb0366658423356da

Download Submit
memory/328-157-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-127-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-124-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-125-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-126-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-158-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-128-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-129-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-130-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-131-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-159-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-132-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-134-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-136-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-137-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-138-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-139-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-140-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-142-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-143-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-144-0x00000000023A0000-0x00000000025F6000-memory.dmp

Filesize
2.3MB

Download
memory/328-145-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-146-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-147-0x0000000002600000-0x0000000002985000-memory.dmp

Filesize
3.5MB

Download
memory/328-141-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-148-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-149-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-150-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-151-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-120-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-153-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-155-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-156-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-154-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-152-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-123-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-133-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-160-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-161-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-162-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-163-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-164-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-165-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-166-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-167-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-168-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-170-0x0000000000400000-0x0000000000792000-memory.dmp

Filesize
3.6MB

Download
memory/328-169-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-171-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-121-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-122-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-174-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/328-179-0x0000000000400000-0x0000000000792000-memory.dmp

Filesize
3.6MB

Download
memory/328-176-0x0000000002600000-0x0000000002985000-memory.dmp

Filesize
3.5MB

Download
memory/2292-180-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-190-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-178-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-187-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-181-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-177-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-185-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-182-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-175-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-183-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-189-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-188-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-186-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-184-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-173-0x0000000077460000-0x00000000775EE000-memory.dmp

Filesize
1.6MB

Download
memory/2292-172-0x0000000000000000-mapping.dmp

Download