danabot | a835d0a363da3392795acfd5a23004c04e9014b5eea42bb65c1564803514e62c

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-06-2023 11:22

Target

04305899.dll
Size

1.3MB
MD5

e19fc2c2485093be5db8883bd76c5b1b
SHA1

08108bc08bc7c367784a9690c88fe604c8bddd99
SHA256

a835d0a363da3392795acfd5a23004c04e9014b5eea42bb65c1564803514e62c
SHA512

6224205bd61d33c9f1b414077e8180afd3a947a41908936838e240aa4481b3f53e8bc73ce2edf793114fc5fd49b3cac04a051221cb7b8416013d10718f3eaf3e
SSDEEP

24576:V8FG6VuIFaXYLPt2vPUzE29sZK2iGTiaPV:2bL9stTL

Score

10^/10

Family

danabot

Botnet

213.252.245.80:443

Attributes

rsa_pubkey.plain

rsa_privkey.plain

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot Loader Component 14 IoCs

Processes:

resource	yara_rule
behavioral2/memory/464-133-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-134-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-135-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-136-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-137-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-138-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-139-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-140-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-141-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-142-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-143-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-144-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-145-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021
behavioral2/memory/464-146-0x0000000000400000-0x0000000000560000-memory.dmp	DanabotLoader2021

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

6 464 rundll32.exe

flow	pid	process
6	464	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1940 wrote to memory of 464	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 464	1940	rundll32.exe	rundll32.exe
PID 1940 wrote to memory of 464	1940	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04305899.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04305899.dll,#1
2⤵
- Blocklisted process makes network request
PID:464

memory/464-133-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-134-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-135-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-136-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-137-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-138-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-139-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-140-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-141-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-142-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-143-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-144-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-145-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download
memory/464-146-0x0000000000400000-0x0000000000560000-memory.dmp

Filesize
1.4MB

Download