danabot | a4f029ef2f2dcd8319955185a0675b446ad78f737a383afb57f86ae70335d1a3

Analysis

max time kernel
141s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 13:16

Target

973e243a21c58d1ce53e81b6cfb13f29.dll
Size

1.3MB
MD5

973e243a21c58d1ce53e81b6cfb13f29
SHA1

7e8eba90c43e6bc2bbbb966923f9f9ff76ab01d6
SHA256

a4f029ef2f2dcd8319955185a0675b446ad78f737a383afb57f86ae70335d1a3
SHA512

d44b3c66611ef1b16eb15361cb476776d1980a6b9d5a1abac73a3b3942b95205c54dafb7f99e86d0c640f85c38ec7eaa66ca63578704cde61ff7dc269e1a9ebe
SSDEEP

24576:pcFPyHJP0Mrwfy8uS6pWeiPAEn5OWb/7WdTMQ+J4:KciP/n5ZidTS4

Score

10^/10

Family

danabot

Botnet

142.11.244.124:443

142.11.206.50:443

Attributes

rsa_pubkey.plain

rsa_privkey.plain

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot Loader Component 15 IoCs

Processes:

resource	yara_rule
behavioral1/memory/3044-0-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-1-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-2-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-3-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-4-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-5-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-6-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-7-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-8-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-9-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-10-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-11-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-12-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-13-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021
behavioral1/memory/3044-14-0x0000000000470000-0x00000000005CF000-memory.dmp	DanabotLoader2021

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

2 3044 rundll32.exe

flow	pid	process
2	3044	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2296 wrote to memory of 3044	2296	rundll32.exe	rundll32.exe
PID 2296 wrote to memory of 3044	2296	rundll32.exe	rundll32.exe
PID 2296 wrote to memory of 3044	2296	rundll32.exe	rundll32.exe
PID 2296 wrote to memory of 3044	2296	rundll32.exe	rundll32.exe
PID 2296 wrote to memory of 3044	2296	rundll32.exe	rundll32.exe
PID 2296 wrote to memory of 3044	2296	rundll32.exe	rundll32.exe
PID 2296 wrote to memory of 3044	2296	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\973e243a21c58d1ce53e81b6cfb13f29.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2296

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\973e243a21c58d1ce53e81b6cfb13f29.dll,#1
2⤵
- Blocklisted process makes network request
PID:3044

memory/3044-0-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-1-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-2-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-3-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-4-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-5-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-6-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-7-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-8-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-9-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-10-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-11-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-12-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-13-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download
memory/3044-14-0x0000000000470000-0x00000000005CF000-memory.dmp

Filesize
1.4MB

Download