danabot | 9f077c3d55151dab5897a8be129b14b8aa8f87fbd73376cdffd3873d6e7bd726

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2023 13:36

Target

9f077c3d55151dab5897a8be129b14b8aa8f87fbd73376cdffd3873d6e7bd726.dll
Size

1.3MB
MD5

2bdc3163268f46ab50e8b5b45498aa42
SHA1

7750ddbc286c6c2de222846edaea92d08a348061
SHA256

9f077c3d55151dab5897a8be129b14b8aa8f87fbd73376cdffd3873d6e7bd726
SHA512

825736505d1dc0a68a8c6a840e11174b3572a39c5405c4daca1e5349462014b439e46a104af812f3499fe98cd2ba46dcd9c888aff513d4b1147cae5e6097a866
SSDEEP

24576:qcFXBjis24E0ykpDOxlEtesuSibHsVS+kVxTQPTBWcys:RD2JKtesQbHd++T2BWPs

Score

10^/10

Family

danabot

Botnet

192.236.161.79:443

192.236.146.39:443

37.220.31.27:443

Attributes

rsa_pubkey.plain

rsa_privkey.plain

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

28 2852 rundll32.exe

flow	pid	process
28	2852	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3348 wrote to memory of 2852	3348	rundll32.exe	rundll32.exe
PID 3348 wrote to memory of 2852	3348	rundll32.exe	rundll32.exe
PID 3348 wrote to memory of 2852	3348	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f077c3d55151dab5897a8be129b14b8aa8f87fbd73376cdffd3873d6e7bd726.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3348

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f077c3d55151dab5897a8be129b14b8aa8f87fbd73376cdffd3873d6e7bd726.dll,#1
2⤵
- Blocklisted process makes network request
PID:2852

memory/2852-0-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-1-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-2-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-3-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-4-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-5-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-6-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-7-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-8-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-9-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-10-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-11-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-12-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-13-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download
memory/2852-14-0x0000000002210000-0x000000000236C000-memory.dmp

Filesize
1.4MB

Download