Analysis

  • max time kernel
    148s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    08-04-2024 19:40

General

  • Target

    e84028b94d3abf5f753fe4ef54b4427e_JaffaCakes118.exe

  • Size

    1.1MB

  • MD5

    e84028b94d3abf5f753fe4ef54b4427e

  • SHA1

    6b49249dd5b5cddd81a40e043efba289972ad8b2

  • SHA256

    55f0976368822adb482407f46a40dcb9e0f2cc7e874d8b67c2bc82d82f7131e0

  • SHA512

    e3eb19f516696d187a72006a1eb52375ef5b508605592f2ecc8e830a6352f3b2cd2687607fb00ee340af1664b84eb2e2b5a957a44cb787a18b386e6aabc10668

  • SSDEEP

    24576:B67kak6S99HaKXLT75+6LdwjeiCjHoC36i/38mhKMbbojl:B9Xj5+6hiy36i/3jhKMbkj

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

23.229.29.48:443

5.9.224.204:443

192.210.222.81:443

Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

  • type

    loader

  • rsa_pubkey.plain
  • rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

  • Danabot Loader Component (4 IoCs)
  • Blocklisted process makes network request (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Program crash (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e84028b94d3abf5f753fe4ef54b4427e_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\e84028b94d3abf5f753fe4ef54b4427e_JaffaCakes118.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4280
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\E84028~1.DLL,s C:\Users\Admin\AppData\Local\Temp\E84028~1.EXE
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:2364
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 508
      2⤵
      • Program crash
      PID:4108
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4280 -ip 4280
    1⤵
      PID:4640
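
The process tree above is the part of this report a detection engineer would turn into a rule: a dropper running from the user's Temp directory spawns rundll32 with a DLL from the same directory, referenced by its 8.3 short name (E84028~1.DLL), calling a one-letter export (",s") and passing the dropper's own path as the argument. Note also that the child's image is C:\Windows\SysWOW64\rundll32.exe while its command line says system32: a 32-bit parent (the report tags the sample arch:x86) gets the WOW64 copy through file-system redirection. The following is an added example, not part of the sandbox report: detection logic run over process and network events constructed from the tree and the extracted C2 list. The event classes, the parent PID of the top-level process and the network event (the report's Network section is empty) are assumptions made for the example.

```python
# Added example (not part of the sandbox report): detection logic over
# process/network events built from the process tree and C2 list above.
# Event shapes, the top-level ppid and the network events are assumptions.
import re
from dataclasses import dataclass

# C2 endpoints (ip, port) from the extracted Danabot config on this page
DANABOT_C2 = {
    ("23.229.29.48", 443),
    ("5.9.224.204", 443),
    ("192.210.222.81", 443),
}

# Per-user temp directory: both the dropper and the dropped DLL live here
USER_TEMP = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
# 8.3 short file name such as E84028~1.DLL
SHORT_NAME = re.compile(r"~\d+\.", re.I)


@dataclass(frozen=True)
class ProcessEvent:
    pid: int
    ppid: int
    image: str      # path of the image actually executed
    cmdline: str    # command line as logged


@dataclass(frozen=True)
class NetworkEvent:
    pid: int
    dst_ip: str
    dst_port: int


def tokenize(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    tokens, cur, in_quotes = [], [], False
    for ch in cmdline:
        if ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def rundll32_findings(ev, parent=None):
    """Tags describing how a rundll32 launch matches the loader pattern above."""
    findings = []
    if not ev.image.lower().endswith("\\rundll32.exe"):
        return findings
    tokens = tokenize(ev.cmdline)
    if len(tokens) < 2:
        return findings
    dll, _, export = tokens[1].partition(",")      # "<dll>,<export>"
    if USER_TEMP.match(dll):
        findings.append("dll-in-user-temp")
    if SHORT_NAME.search(dll):
        findings.append("dll-8.3-short-name")
    if len(export) == 1:
        findings.append("single-char-export")
    if any(t.lower().endswith(".exe") and USER_TEMP.match(t) for t in tokens[2:]):
        findings.append("dropper-path-as-argument")
    if parent is not None and USER_TEMP.match(parent.image):
        findings.append("parent-in-user-temp")
    # A 32-bit parent asking for system32\rundll32.exe gets the SysWOW64 copy
    # via file-system redirection, so image path and command line disagree.
    if "\\syswow64\\" in ev.image.lower() and "\\system32\\" in ev.cmdline.lower():
        findings.append("wow64-redirected-rundll32")
    return findings


def c2_hits(net_events):
    """Connections whose (ip, port) is in the extracted C2 list."""
    return [(e.pid, e.dst_ip, e.dst_port)
            for e in net_events if (e.dst_ip, e.dst_port) in DANABOT_C2]


def analyze(proc_events, net_events):
    by_pid = {p.pid: p for p in proc_events}
    rundll = {}
    for p in proc_events:
        found = rundll32_findings(p, by_pid.get(p.ppid))
        if found:
            rundll[p.pid] = found
    return {"rundll32": rundll, "c2": c2_hits(net_events)}


TEMP = r"C:\Users\Admin\AppData\Local\Temp"
SAMPLE_PROCESSES = [  # PIDs, images and command lines copied from the tree above
    ProcessEvent(4280, 0,  # ppid 0 = unknown (assumed; not in the report)
                 TEMP + r"\e84028b94d3abf5f753fe4ef54b4427e_JaffaCakes118.exe",
                 '"' + TEMP + r'\e84028b94d3abf5f753fe4ef54b4427e_JaffaCakes118.exe"'),
    ProcessEvent(2364, 4280, r"C:\Windows\SysWOW64\rundll32.exe",
                 r"C:\Windows\system32\rundll32.exe " + TEMP + r"\E84028~1.DLL,s "
                 + TEMP + r"\E84028~1.EXE"),
    ProcessEvent(4108, 4280, r"C:\Windows\SysWOW64\WerFault.exe",
                 r"C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 508"),
]
# Constructed: the report's Network section is empty. One hit on the first
# configured C2 and one unrelated TLS connection as a control.
SAMPLE_NETWORK = [
    NetworkEvent(2364, "23.229.29.48", 443),
    NetworkEvent(2364, "93.184.216.34", 443),
]

if __name__ == "__main__":
    print(analyze(SAMPLE_PROCESSES, SAMPLE_NETWORK))
```

Each tag on its own is weak (legitimate installers use rundll32 and 8.3 names turn up in logs), so a rule built from this should require several of them together; the combination seen here, dropper and DLL in the same user-writable directory plus the dropper's path handed back to the DLL, is what makes this tree distinctive. The WerFault entries are excluded by the image check rather than whitelisted, so a crash in the loader does not mask the rundll32 finding.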

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\E84028~1.DLL

      Filesize

      1.3MB

      MD5

      f21a9de2b2641fa8b6a3520e9a32f2a6

      SHA1

      2b6b4b97be5e2dcdb422ddfb6c92f2657da0818a

      SHA256

      9cd2054a8ce7e285b9362e6a3198cd6e09e8a3e1edce15c243bc8b77e125c71f

      SHA512

      a72b832327e6f35030ea11afb3a49e23dc1bffd6275cd197a27b1b2826d0645b1ee9aa0ca20a0ab50f9fdf66cb53f71e13a04a4aaa344420c0916d051cd07183

    • memory/2364-17-0x0000000000400000-0x0000000000560000-memory.dmp

      Filesize

      1.4MB

    • memory/2364-29-0x0000000000400000-0x0000000000560000-memory.dmp

      Filesize

      1.4MB

    • memory/2364-30-0x0000000000400000-0x0000000000560000-memory.dmp

      Filesize

      1.4MB

    • memory/4280-1-0x00000000026F0000-0x00000000027E4000-memory.dmp

      Filesize

      976KB

    • memory/4280-2-0x00000000027F0000-0x00000000028F5000-memory.dmp

      Filesize

      1.0MB

    • memory/4280-3-0x0000000000400000-0x000000000248A000-memory.dmp

      Filesize

      32.5MB

    • memory/4280-6-0x0000000000400000-0x000000000248A000-memory.dmp

      Filesize

      32.5MB

    • memory/4280-8-0x00000000026F0000-0x00000000027E4000-memory.dmp

      Filesize

      976KB

    • memory/4280-9-0x00000000027F0000-0x00000000028F5000-memory.dmp

      Filesize

      1.0MB

    • memory/4280-16-0x0000000000400000-0x000000000248A000-memory.dmp

      Filesize

      32.5MB

    • memory/4280-28-0x0000000000400000-0x000000000248A000-memory.dmp

      Filesize

      32.5MB
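
The dump names above encode the process, a sequence number and the address range of each region, so the listed Filesize values can be recomputed from the names. Doing so makes one thing stand out: the region at the usual image base 0x400000 in PID 4280 spans 0x400000-0x248A000, about 32.5MB, against an on-disk size of 1.1MB for the submitted file. The following is an added example, not part of the report: a parser for these names that recovers region sizes in the report's own units and flags image-base regions far larger than the file on disk. The byte value used for "1.1MB" and the size factor are assumptions made for the example.

```python
# Added example (not part of the sandbox report): parse the memory dump names
# above, recover region sizes from the address ranges, and flag image-base
# regions much larger than the on-disk file. DISK_SIZE and FACTOR are assumed.
import re

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9a-f]+)-0x(?P<end>[0-9a-f]+)"
    r"-memory\.dmp$",
    re.I,
)


def parse_dump_name(name):
    """Return (pid, seq, start, end) for a '<pid>-<seq>-<start>-<end>' dump name."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a sandbox dump name: {name}")
    return int(m["pid"]), int(m["seq"]), int(m["start"], 16), int(m["end"], 16)


def region_size(name):
    """Size in bytes of the region a dump name describes."""
    _, _, start, end = parse_dump_name(name)
    return end - start


def human_size(n):
    """Format bytes the way the report does: whole KB below 1 MiB, else MB to one decimal."""
    if n < 1 << 20:
        return f"{n // 1024}KB"
    return f"{n / (1 << 20):.1f}MB"


def oversized_image_regions(names, disk_size, factor=4, image_base=0x400000):
    """Regions at the image base more than `factor` times the on-disk size.

    What is mapped there is not simply the file as shipped; with a packed sample
    this is where an in-place unpacking stage would be expected (interpretation,
    not something the report states). Returns {(pid, start, end): size}.
    """
    flagged = {}
    for name in names:
        pid, _, start, end = parse_dump_name(name)
        if start == image_base and (end - start) > factor * disk_size:
            flagged[(pid, start, end)] = end - start
    return flagged


# Dump names copied from the listing above (duplicates of the same range kept)
SAMPLE_DUMPS = [
    "memory/2364-17-0x0000000000400000-0x0000000000560000-memory.dmp",
    "memory/2364-29-0x0000000000400000-0x0000000000560000-memory.dmp",
    "memory/2364-30-0x0000000000400000-0x0000000000560000-memory.dmp",
    "memory/4280-1-0x00000000026F0000-0x00000000027E4000-memory.dmp",
    "memory/4280-2-0x00000000027F0000-0x00000000028F5000-memory.dmp",
    "memory/4280-3-0x0000000000400000-0x000000000248A000-memory.dmp",
    "memory/4280-6-0x0000000000400000-0x000000000248A000-memory.dmp",
    "memory/4280-8-0x00000000026F0000-0x00000000027E4000-memory.dmp",
    "memory/4280-9-0x00000000027F0000-0x00000000028F5000-memory.dmp",
    "memory/4280-16-0x0000000000400000-0x000000000248A000-memory.dmp",
    "memory/4280-28-0x0000000000400000-0x000000000248A000-memory.dmp",
]
# The report only says "1.1MB"; this byte value is an approximation of it.
DISK_SIZE = int(1.1 * (1 << 20))

if __name__ == "__main__":
    for name in SAMPLE_DUMPS:
        print(name, human_size(region_size(name)))
    print(oversized_image_regions(SAMPLE_DUMPS, DISK_SIZE))
```

Recomputed sizes match the listing (0x160000 bytes is 1.4MB, 0xF4000 is 976KB, 0x105000 is 1.0MB, 0x208A000 is 32.5MB). Only the 4280 image-base region is flagged; the 1.4MB region in rundll32 (PID 2364) is in line with the 1.3MB dropped DLL and is the dump to start with when looking for the loader component.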