Overview

overview

10

Static

static

3

7abd12f4c0...22.exe

windows7-x64

10

7abd12f4c0...22.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    27-01-2024 16:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7abd12f4c0935b02395fed41d3eabb22.exe

  • Size

    1.1MB

  • MD5

    7abd12f4c0935b02395fed41d3eabb22

  • SHA1

    ce09d720002bb05e8c0353dcd472c5cd10ce49df

  • SHA256

    d3657dd474e857255ae3ea6f0faabb6f9a6f7bf77423042e5eb827a9cb72d17a

  • SHA512

    edb16078ae88ee21306a7c3737a5dc67fc3a32483edd28fc78f95b578f9c3cd0003ad3c61d595a6177ae652528cc423b43bcb7bc890862025aac862b14c01fc3

  • SSDEEP

    24576:5j3U3V+/lHGb+KKbLJzh7pgyB92I4cl6vZPMUgl:58MphbLJztlcI4Yccl

Score
10/10
danabot4bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443
Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 5 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7abd12f4c0935b02395fed41d3eabb22.exe
    "C:\Users\Admin\AppData\Local\Temp\7abd12f4c0935b02395fed41d3eabb22.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1236
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\7ABD12~1.DLL,s C:\Users\Admin\AppData\Local\Temp\7ABD12~1.EXE
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7ABD12~1.DLL
    Filesize

    1.3MB

    MD5

    4f87d546bc12eb3f5e062c9af64714a9

    SHA1

    24af09bea214cf8930b9a16de11161a997e1f00d

    SHA256

    7fadb01015e2bae0bfa054d48490814d64becee47d072d81bce43da6987f09d0

    SHA512

    0022878fb7c7d25ac8a6963c06634720326743e640381ac280c22986747af6c34e366fdb420a7607d2d11526d890f5072b0e9265bce172ed2cb277d4159f80b1

    Download Submit

  • memory/1236-9-0x0000000002490000-0x0000000002595000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1236-2-0x0000000002490000-0x0000000002595000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/1236-5-0x0000000000400000-0x000000000248B000-memory.dmp

    Filesize

    32.5MB

    Download

  • memory/1236-6-0x0000000000400000-0x000000000248B000-memory.dmp

    Filesize

    32.5MB

    Download

  • memory/1236-7-0x0000000000220000-0x000000000030E000-memory.dmp

    Filesize

    952KB

    Download

  • memory/1236-0-0x0000000000220000-0x000000000030E000-memory.dmp

    Filesize

    952KB

    Download

  • memory/1236-1-0x0000000000220000-0x000000000030E000-memory.dmp

    Filesize

    952KB

    Download

  • memory/1236-20-0x0000000000400000-0x000000000248B000-memory.dmp

    Filesize

    32.5MB

    Download

  • memory/1236-32-0x0000000000400000-0x000000000248B000-memory.dmp

    Filesize

    32.5MB

    Download

  • memory/2364-19-0x00000000021C0000-0x0000000002322000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2364-21-0x00000000021C0000-0x0000000002322000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2364-33-0x00000000021C0000-0x0000000002322000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2364-34-0x00000000021C0000-0x0000000002322000-memory.dmp

    Filesize

    1.4MB

    Download