danabot | b163b8afe803e06bfee099dfddaf064bc97e14b62737e74e9828b1f0dff40789

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 20:33

Target

0341a82397f4b8cf3ca386e41a94f426.dll
Size

1.3MB
MD5

0341a82397f4b8cf3ca386e41a94f426
SHA1

6e2b25984b55def37bf4942b5a1b3ea7a8dac3e9
SHA256

b163b8afe803e06bfee099dfddaf064bc97e14b62737e74e9828b1f0dff40789
SHA512

e20754191fec32942f76fdbec32c5801deefb75221320f6694764d533acfca32f52891027b154a16fc0e5343565f7d6c4e0a2b799489cb21e027d1626cdb7e01
SSDEEP

24576:ncF25gLhY+65PWaB0Uuwx7ReYKVdZmTzaXQ+:cOTMY4vmTp+

Score

10^/10

Family

danabot

Botnet

192.210.222.81:443

23.229.29.48:443

5.9.224.204:443

192.255.166.212:443

Attributes

rsa_pubkey.plain

rsa_privkey.plain

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot Loader Component 14 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1172-0-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-1-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-2-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-3-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-4-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-5-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-6-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-7-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-8-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-9-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-10-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-11-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-12-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021
behavioral2/memory/1172-13-0x0000000000400000-0x0000000000561000-memory.dmp	DanabotLoader2021

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

4 1172 rundll32.exe

flow	pid	process
4	1172	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4260 wrote to memory of 1172	4260	rundll32.exe	rundll32.exe
PID 4260 wrote to memory of 1172	4260	rundll32.exe	rundll32.exe
PID 4260 wrote to memory of 1172	4260	rundll32.exe	rundll32.exe

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0341a82397f4b8cf3ca386e41a94f426.dll,#1
1⤵
- Blocklisted process makes network request
PID:1172

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0341a82397f4b8cf3ca386e41a94f426.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4260

memory/1172-0-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-1-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-2-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-3-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-4-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-5-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-6-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-7-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-8-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-9-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-10-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-11-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-12-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download
memory/1172-13-0x0000000000400000-0x0000000000561000-memory.dmp

Filesize
1.4MB

Download