danabot | ebb10d92e26aa37bed1933b8726cba0379e044f989619d4077d39739b1792c17

Analysis

max time kernel
140s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-01-2024 00:09

Target

813777679e335833f55a26be8703cdfe.dll
Size

1.3MB
MD5

813777679e335833f55a26be8703cdfe
SHA1

b507fa5808389ffcad69491899ef9693b853e116
SHA256

ebb10d92e26aa37bed1933b8726cba0379e044f989619d4077d39739b1792c17
SHA512

fe7f32cf02e0470a66f86d3423087acbcc8bbc2c3d39f6eeb013d5bccf628f016955b1063fbe7bb388245c841fd5142ce94385301b3f830172eed2df432086f6
SSDEEP

24576:Z8FG0TfXWkUIxxxR8gOaoMze81GT1Gr80:6XXWAR7ONTg

Score

10^/10

Family

danabot

Botnet

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot
Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

2 1888 rundll32.exe

flow	pid	process
2	1888	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2480 wrote to memory of 1888	2480	rundll32.exe	rundll32.exe
PID 2480 wrote to memory of 1888	2480	rundll32.exe	rundll32.exe
PID 2480 wrote to memory of 1888	2480	rundll32.exe	rundll32.exe
PID 2480 wrote to memory of 1888	2480	rundll32.exe	rundll32.exe
PID 2480 wrote to memory of 1888	2480	rundll32.exe	rundll32.exe
PID 2480 wrote to memory of 1888	2480	rundll32.exe	rundll32.exe
PID 2480 wrote to memory of 1888	2480	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\813777679e335833f55a26be8703cdfe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2480

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\813777679e335833f55a26be8703cdfe.dll,#1
2⤵
- Blocklisted process makes network request
PID:1888

memory/1888-0-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-1-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-2-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-3-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-4-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-5-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-6-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-7-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-8-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-9-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-10-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-11-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-12-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-13-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download
memory/1888-14-0x0000000000820000-0x0000000000980000-memory.dmp

Filesize
1.4MB

Download