danabot | 5f07b44a21d1048fc12b7c0e511984ce5a58121d094067a3f58be81e92563d09

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 04:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6a5e2e442a179bf59905d89a1bbe667_JaffaCakes118.dll
Size

1.3MB
MD5

e6a5e2e442a179bf59905d89a1bbe667
SHA1

3176312c065506c6289b7e2bebc550aeeb6df554
SHA256

5f07b44a21d1048fc12b7c0e511984ce5a58121d094067a3f58be81e92563d09
SHA512

9ff3ecf32755f81beba6cbdbf50eb2ccf1e4b9ff9df97c0cd1c10438341d47e0016b1b4d84504b004aa06ef51b97dbf94dff3f01c2cfc0edb721d120c7d9bc10
SSDEEP

24576:kcF2VtrZmrDEtLk7Kd/FFdf+BawXHvJbSc9W0XTR7McbtV:HzyFJ+3Sc9W0XT5Mo

Score

10^/10

danabot 4 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

5.9.224.204:443

192.210.222.81:443

23.229.29.48:443

Attributes

embedded_hash
0E1A7A1479C37094441FA911262B322A
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot Loader Component 15 IoCs

resource	yara_rule
behavioral2/memory/4288-0-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-1-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-2-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-3-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-4-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-5-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-6-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-7-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-8-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-9-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-10-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-11-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-12-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-13-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021
behavioral2/memory/4288-14-0x0000000002360000-0x00000000024C1000-memory.dmp	DanabotLoader2021

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	4288	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 4288	4144	rundll32.exe	86
PID 4144 wrote to memory of 4288	4144	rundll32.exe	86
PID 4144 wrote to memory of 4288	4144	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6a5e2e442a179bf59905d89a1bbe667_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6a5e2e442a179bf59905d89a1bbe667_JaffaCakes118.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:4288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4288-0-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-1-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-2-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-3-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-4-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-5-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-6-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-7-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-8-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-9-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-10-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-11-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-12-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-13-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download
memory/4288-14-0x0000000002360000-0x00000000024C1000-memory.dmp

Filesize
1.4MB

Download