Overview

overview

10

Static

static

3

2679fd014c...6N.dll

windows7-x64

10

2679fd014c...6N.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    110s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-11-2024 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6N.dll

  • Size

    2.5MB

  • MD5

    3e4b803e57c0154b8af15e392da96750

  • SHA1

    56a136e548a838354331ad4098e5baf4ca2395b4

  • SHA256

    2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6

  • SHA512

    1975dac8ed7943bfc9847f490b15ba8739d02bb7b0369a82b68314db585e53d256532516212b44dc5bfd2de9a8ac2ef827add7fd74b4b711354ce86e472a0130

  • SSDEEP

    49152:KgZziYT4//YDt2Z/fZMdzUAOC5n+LlrxFTGWQKq:K0ziYTJh2Z/f6AAOGarxFTGPv

Score
10/10
danabot40bankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.158.250.216:443

194.76.225.46:443

45.11.180.153:443

194.76.225.61:443
Attributes
  • embedded_hash

    AD14EA44261341E3690FA8CC1E236523

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 14 IoCs
  • Danabot family
    danabot
  • Blocklisted process makes network request 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6N.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1864
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2679fd014c747eb282b71b79ce95e0f2b6c28d544a10ab74bc393439456143b6N.dll,#1
      2⤵
      • Blocklisted process makes network request
      • System Location Discovery: System Language Discovery
      PID:2088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2088-0-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-2-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-1-0x0000000074528000-0x000000007452E000-memory.dmp

    Filesize

    24KB

    Download

  • memory/2088-3-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-7-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-8-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-9-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-10-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-11-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-12-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-13-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-14-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-15-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-16-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-17-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download

  • memory/2088-18-0x00000000742B0000-0x000000007453E000-memory.dmp

    Filesize

    2.6MB

    Download