danabot | 2552-5-0x0000000002330000-0x0000000002524000-memory[.]dmp

General

Target

2552-5-0x0000000002330000-0x0000000002524000-memory.dmp
Size

2.0MB
MD5

b643d379b41b794902e6d5fb0dd07747
SHA1

5bc82b6ec781a3262b15db9296d6d25ca11fb8ef
SHA256

74011a1f131dc3be8664744651bafe8ace0d86755f8d77f9b917e200476b2d94
SHA512

ffef5391ef973c247b0702a11b32b7b7d6afed8a4c09ee5dd4d79a781cca4907edf916c0969543c27beb365be5b68721a0a01602b720413990ded029477546a9
SSDEEP

49152:CvBBwmwF/IhWT//+Eqqfn8+nFFQCxEsJwKQv:CvBBwmwF/IBEqqf8+gqJW

Score

10^/10

40 danabot

Malware Config

Extracted

Family

danabot

Botnet

40

C2

185.117.90.36:443

193.42.36.59:443

193.56.146.53:443

185.106.123.228:443

Attributes

embedded_hash
07284E2A3AB3C2E1FFFBD425849BE150
type
loader

rsa_pubkey.plain

rsa_privkey.plain

Signatures

Danabot Loader Component 1 IoCs

resource	yara_rule
sample	DanabotLoader2021

Danabot family
danabot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2552-5-0x0000000002330000-0x0000000002524000-memory.dmp

Files

2552-5-0x0000000002330000-0x0000000002524000-memory.dmp
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 23KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 1024B - Virtual size: 730B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.itext Size: 2KB - Virtual size: 2KB

.data Size: 32KB - Virtual size: 31KB

.bss Size: - Virtual size: 23KB

.idata Size: 6KB - Virtual size: 6KB

.didata Size: 1024B - Virtual size: 730B

.edata Size: 512B - Virtual size: 152B

.rdata Size: 512B - Virtual size: 68B

.reloc Size: 122KB - Virtual size: 122KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.itext
Size: 2KB - Virtual size: 2KB

.data
Size: 32KB - Virtual size: 31KB

.bss
Size: - Virtual size: 23KB

.idata
Size: 6KB - Virtual size: 6KB

.didata
Size: 1024B - Virtual size: 730B

.edata
Size: 512B - Virtual size: 152B

.rdata
Size: 512B - Virtual size: 68B

.reloc
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 12KB - Virtual size: 12KB