danabot | 67367da66a37772c3747783b1da4020b787a502d53bcb14c2356b070c396642f

Analysis

max time kernel
140s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 10:07

Target

ed2b34255f570cdf209ad2c35671da7d_JaffaCakes118.dll
Size

1.3MB
MD5

ed2b34255f570cdf209ad2c35671da7d
SHA1

9b9833645c9e47cf0b25d5700726ccc47ad02a9d
SHA256

67367da66a37772c3747783b1da4020b787a502d53bcb14c2356b070c396642f
SHA512

e55a7107995ebe9d4966657cafec09ba07fafcf964c3b38a8a8e1581cd846334eafa166ad66c0ab4458579dd4d80f0a9e6b95bfc026a24392b3ef8c85cd1c6fa
SSDEEP

24576:KncFdxcZ3Mn9C2vOte0kS+RB39lTlottT9uy6:BT2FBY9lATIy6

Score

10^/10

Family

danabot

Botnet

142.11.242.31:443

192.119.110.73:443

192.210.222.88:443

Attributes

rsa_pubkey.plain

rsa_privkey.plain

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot Loader Component 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1488-0-0x0000000002B40000-0x0000000002CA3000-memory.dmp	DanabotLoader2021
behavioral2/memory/1488-1-0x0000000002B40000-0x0000000002CA3000-memory.dmp	DanabotLoader2021

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow	pid	Process
2	1488	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 4576 wrote to memory of 1488	4576	rundll32.exe	87
PID 4576 wrote to memory of 1488	4576	rundll32.exe	87
PID 4576 wrote to memory of 1488	4576	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed2b34255f570cdf209ad2c35671da7d_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed2b34255f570cdf209ad2c35671da7d_JaffaCakes118.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:1488

memory/1488-0-0x0000000002B40000-0x0000000002CA3000-memory.dmp

Filesize
1.4MB

Download
memory/1488-1-0x0000000002B40000-0x0000000002CA3000-memory.dmp

Filesize
1.4MB

Download