Overview

overview

10

Static

static

6e10b61070...23.exe

windows7-x64

10

6e10b61070...23.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    61s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-12-2022 08:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6e10b6107066da8b83187a14c8b68b23.exe

  • Size

    2.4MB

  • MD5

    6e10b6107066da8b83187a14c8b68b23

  • SHA1

    bfe5bb0d1fbd503226abf58fbd88e91e8f17ba05

  • SHA256

    804a0999f1e0c5a8e083f0a36ccfe7ad8a6ab94a0c77d6ab74175540c990f95e

  • SHA512

    6f4715008d918f0a940bae3970e072c39b16a6c8fb66f10bc32c4b611c93a437b3475646d0fafa3e814af6d5013a518ba5893c2c984b558f66733b4d03f83461

  • SSDEEP

    49152:jp3TkvTxVW0z7cby/T8uzPI57F0KaCz2avq7aYm:gWMBzPI57F03C5Ym

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443
Attributes
  • embedded_hash

    8F56CD73F6B5CD5D7B17B0BA61E70A82

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e10b6107066da8b83187a14c8b68b23.exe
    "C:\Users\Admin\AppData\Local\Temp\6e10b6107066da8b83187a14c8b68b23.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4156
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Iseiuaqptde.dll,start
      2⤵
      • Loads dropped DLL
      PID:2380
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 680
      2⤵
      • Program crash
      PID:1476
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 4156 -ip 4156
    1⤵
      PID:4560

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\Iseiuaqptde.dll
      Filesize

      2.4MB

      MD5

      753a8ed441dfdec7ba137fd84a1ee704

      SHA1

      d068249560dedc5ad26faf4ec1b6e95c4f7ae130

      SHA256

      1e7e3ecd705acb683d00f2078dcc5758b7656db39fbbc90474c3ce3d958569f2

      SHA512

      86ba97f41ad839fc7d3000b355ff3bec9cd5183ae8f074f83b72be5f63ddcafeced8bfd1ba2a2e3eb70688b987bae681904ddc81ab8aa056c4468c0c3be7a81b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Iseiuaqptde.dll
      Filesize

      2.4MB

      MD5

      753a8ed441dfdec7ba137fd84a1ee704

      SHA1

      d068249560dedc5ad26faf4ec1b6e95c4f7ae130

      SHA256

      1e7e3ecd705acb683d00f2078dcc5758b7656db39fbbc90474c3ce3d958569f2

      SHA512

      86ba97f41ad839fc7d3000b355ff3bec9cd5183ae8f074f83b72be5f63ddcafeced8bfd1ba2a2e3eb70688b987bae681904ddc81ab8aa056c4468c0c3be7a81b

      Download Submit

    • memory/2380-138-0x0000000000400000-0x0000000000671000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/2380-139-0x0000000000400000-0x0000000000671000-memory.dmp

      Filesize

      2.4MB

      Download

    • memory/4156-135-0x0000000000B1F000-0x0000000000D6A000-memory.dmp

      Filesize

      2.3MB

      Download

    • memory/4156-136-0x0000000002650000-0x00000000029D5000-memory.dmp

      Filesize

      3.5MB

      Download

    • memory/4156-137-0x0000000000400000-0x0000000000791000-memory.dmp

      Filesize

      3.6MB

      Download