danabot | 90d3303cc9628d39013556750168afdcb0d3196d95ae004fd5a9642238636875

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21-04-2024 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fef6b272e83c2db9338ad55ffb6e8f6e_JaffaCakes118.dll
Size

1.3MB
MD5

fef6b272e83c2db9338ad55ffb6e8f6e
SHA1

90c912ce3613ebcc0ecad406bf1c86fdc58162a8
SHA256

90d3303cc9628d39013556750168afdcb0d3196d95ae004fd5a9642238636875
SHA512

4b7d93dd2e9458e277391f3074dc76d4e92442bf1db0d7fb630f4896f27001bf4350062ddeb452887d1d6e69f6cac914bab6bad34e086a2fb8b6b951d23e4f7c
SSDEEP

24576:2cFXB3P/KiY386VWysaBaotyaD8u9hZ0Bc0TU522c:tWzXko8awdc0Ty22c

Score

10^/10

danabot 15 banker trojan

Malware Config

Extracted

Family

danabot

Botnet

192.52.167.44:443

192.52.166.92:443

192.52.167.45:443

173.254.204.95:443

Attributes

embedded_hash
740FCC7615F224B3D909D4EC25568A2A
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Signatures

Danabot
Danabot is a modular banking Trojan that has been linked with other malware.
trojan banker danabot

Danabot Loader Component 14 IoCs

resource	yara_rule
behavioral2/memory/8-0-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-1-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-2-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-3-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-4-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-5-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-6-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-7-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-8-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-9-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-10-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-11-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-12-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021
behavioral2/memory/8-13-0x0000000000400000-0x000000000055D000-memory.dmp	DanabotLoader2021

Blocklisted process makes network request 1 IoCs

flow	pid	Process
5	8	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 8	5104	rundll32.exe	84
PID 5104 wrote to memory of 8	5104	rundll32.exe	84
PID 5104 wrote to memory of 8	5104	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fef6b272e83c2db9338ad55ffb6e8f6e_JaffaCakes118.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fef6b272e83c2db9338ad55ffb6e8f6e_JaffaCakes118.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:8

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/8-0-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-1-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-2-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-3-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-4-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-5-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-6-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-7-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-8-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-9-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-10-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-11-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-12-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download
memory/8-13-0x0000000000400000-0x000000000055D000-memory.dmp

Filesize
1.4MB

Download