Overview

overview

10

Static

static

3

07828a6628...28.exe

windows7-x64

10

07828a6628...28.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-12-2023 10:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    07828a66286c07d883d03fbac1c7d628.exe

  • Size

    1.1MB

  • MD5

    07828a66286c07d883d03fbac1c7d628

  • SHA1

    64721c7e154f07841dd2e30a95dcf3a23033590f

  • SHA256

    79c78c566a3eef320ab9b6df4da247462250acd908e98be22461929b3fe4ec39

  • SHA512

    2c9638990c8088442d2847f3f45d7ccebeed4d0bef0a52f7761a8a4e81be53e683aa3350c617456e10c4d4bb18a205627f7b7169d1f69330cb57a2c5e13cfd6f

  • SSDEEP

    24576:rhxjcpMRNv57ENuzPFUob5/qFKGtd8HjW0YBXoX+jE:rNR77EoX5/qwGjk+Y+jE

Score
10/10
danabot4bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.192.232:443

192.119.110.73:443

142.11.242.31:443

192.210.222.88:443
Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 11 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\07828a66286c07d883d03fbac1c7d628.exe
    "C:\Users\Admin\AppData\Local\Temp\07828a66286c07d883d03fbac1c7d628.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3492
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\07828A~1.DLL,s C:\Users\Admin\AppData\Local\Temp\07828A~1.EXE
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:3544
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 444
      2⤵
      • Program crash
      PID:2044
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3492 -ip 3492
    1⤵
      PID:2892

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\07828A~1.DLL
      Filesize

      972KB

      MD5

      2283d4a369852960860f0ca7ddddda64

      SHA1

      fceacc1ee4cdd063797ec8fc0de457aa01b74627

      SHA256

      1894be690fbf48707b7d41421237a051567943fe90ad08073733912d1c568323

      SHA512

      3340fd25972dea22ad64867aa8c0c65a9fd1d1ebbfcb047a6b92a73f638d61e3aa048f628ac760ffad45571a1ae24ccc07a066c97d7ba9721e26fe30f945bd44

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\07828A~1.EXE.dll
      Filesize

      1022KB

      MD5

      f4832305a9306f0745577839aa158b0a

      SHA1

      41c5f6650df38b78a50e4a2a218d46fb8a3105cf

      SHA256

      76bcdf51b3d1815bc56752f8451adcede20a2ceb4172e6e5882843d0ee3aa0c9

      SHA512

      fb0c8f197eea0f1e339a2808edb0c6e9b8369329980af0b47c8983565de2b466a02cef839c52bc26b72ddce441a1842cc44248942fcabfa77b0651d71ee131d3

      Download Submit
    • memory/3492-1-0x0000000000B50000-0x0000000000C47000-memory.dmp
      Filesize

      988KB

      Download
    • memory/3492-2-0x0000000000E00000-0x0000000000F05000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/3492-3-0x0000000000400000-0x000000000094F000-memory.dmp
      Filesize

      5.3MB

      Download
    • memory/3492-8-0x0000000000400000-0x000000000094F000-memory.dmp
      Filesize

      5.3MB

      Download
    • memory/3492-9-0x0000000000E00000-0x0000000000F05000-memory.dmp
      Filesize

      1.0MB

      Download
    • memory/3544-18-0x0000000000400000-0x0000000000561000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/3544-10-0x0000000000400000-0x0000000000561000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/3544-19-0x0000000000400000-0x0000000000561000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/3544-20-0x0000000000400000-0x0000000000561000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/3544-21-0x0000000000400000-0x0000000000561000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/3544-22-0x0000000000400000-0x0000000000561000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/3544-23-0x0000000000400000-0x0000000000561000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/3544-24-0x0000000000400000-0x0000000000561000-memory.dmp
      Filesize

      1.4MB

      Download
    • memory/3544-25-0x0000000000400000-0x0000000000561000-memory.dmp
      Filesize

      1.4MB

      Download