danabot | 89f87a9e574260c5e2d89dd0d880fb873317d71c62c97b91b3f9c6797ecd49ae

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1c88ea92eb85aebebaecc4400b17298.dll
Size

1.6MB
MD5

c1c88ea92eb85aebebaecc4400b17298
SHA1

0abc7b546451c8d1616fb5656d7375dc8660a296
SHA256

89f87a9e574260c5e2d89dd0d880fb873317d71c62c97b91b3f9c6797ecd49ae
SHA512

87a6e7f7a761a09947e4b9cbafb08196c264e8e01b1e13050405d56678c9fac84f51f09141a10e0ddec430d8891579e56c3fd93bc40969209ab399cd115f6bdb
SSDEEP

24576:kpEQy1JpHqBJOuGHtDqlL7FgbpBGMb51A3Cf9X/QvrFgtQ:km7YB8uGNul9gbDGMbASf5YetQ

Score

10^/10

danabot 11 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

34.125.56.40:443

35.237.192.132:443

138.68.78.110:443

Attributes

embedded_hash
37E0DF5EB8277A5EEFCF002901483F81
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot Loader Component 16 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1348-2-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-3-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-4-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-5-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-7-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-8-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-9-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-10-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-11-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-12-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-13-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-14-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-15-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-16-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-17-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021
behavioral2/memory/1348-18-0x0000000010000000-0x0000000010206000-memory.dmp	DanabotLoader2021

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 924 wrote to memory of 1348	924	regsvr32.exe	regsvr32.exe
PID 924 wrote to memory of 1348	924	regsvr32.exe	regsvr32.exe
PID 924 wrote to memory of 1348	924	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c1c88ea92eb85aebebaecc4400b17298.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:924

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\c1c88ea92eb85aebebaecc4400b17298.dll
2⤵
PID:1348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1348-1-0x0000000000F50000-0x0000000000F51000-memory.dmp

Filesize
4KB

Download
memory/1348-0-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-2-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-3-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-4-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-5-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-6-0x0000000000F50000-0x0000000000F51000-memory.dmp

Filesize
4KB

Download
memory/1348-7-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-8-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-9-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-10-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-11-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-12-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-13-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-14-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-15-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-16-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-17-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download
memory/1348-18-0x0000000010000000-0x0000000010206000-memory.dmp

Filesize
2.0MB

Download