Overview

overview

10

Static

static

3

76b7125caf...76.exe

windows7-x64

76b7125caf...76.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/03/2025, 09:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    76b7125cafff8d6b77629def5a86199d912e7d76.exe

  • Size

    1.2MB

  • MD5

    0cd7b22bfcd2ae0ee4994e82b54fcf81

  • SHA1

    76b7125cafff8d6b77629def5a86199d912e7d76

  • SHA256

    d79c1cf0eb9bae702ffb9d6b9f571ad6ca15f5e3c532616b35895561a30335ed

  • SHA512

    1987b54d334523f89eaa9fa4084357062c86893d23d1cfd54cf10d10a58e41eace3d7f0cd3d075bf29d0d068225df38de09b89a3b55dad647770f13c6558fa50

  • SSDEEP

    24576:tqv8Vv5zCjHuU4izn7QRXDr1a0MIdYxJylZL6L9:tq0ZUlnkRXDr1xMIqLy2x

Score
10/10
danabot4bankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.192.232:443

142.11.242.31:443

192.210.222.88:443
Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 10 IoCs
  • Danabot family
    danabot
  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\76b7125cafff8d6b77629def5a86199d912e7d76.exe
    "C:\Users\Admin\AppData\Local\Temp\76b7125cafff8d6b77629def5a86199d912e7d76.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4396
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\76B712~1.DLL,s C:\Users\Admin\AppData\Local\Temp\76B712~1.EXE
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      PID:3444
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 508
      2⤵
      • Program crash
      PID:3720
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 4396 -ip 4396
    1⤵
      PID:2584

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\76B712~1.DLL
      Filesize

      1.3MB

      MD5

      6322d33f0db30b3a3a43453ce2700cb5

      SHA1

      19a330da46cdd07867604241857b45af38888078

      SHA256

      087b81a295374cf8c7b59a3c4e75a5fa181007edff0c9a20528b55cf35a6dd84

      SHA512

      f554dabd537cde798861cc699f9fdd6a8aae90b8b12529ddfa97b38f5077fe8edd8a8a41e5f6319209cd61f854a71c4838394246891ade6f2c4eda476294d70c

      Download Submit

    • memory/3444-11-0x0000000000400000-0x0000000000562000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3444-23-0x0000000000400000-0x0000000000562000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3444-26-0x0000000000400000-0x0000000000562000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3444-25-0x0000000000400000-0x0000000000562000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3444-24-0x0000000000400000-0x0000000000562000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3444-22-0x0000000000400000-0x0000000000562000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3444-19-0x0000000000400000-0x0000000000562000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3444-20-0x0000000000400000-0x0000000000562000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/3444-21-0x0000000000400000-0x0000000000562000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/4396-1-0x00000000007D0000-0x00000000008CC000-memory.dmp

      Filesize

      1008KB

      Download

    • memory/4396-3-0x0000000000400000-0x0000000000513000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4396-10-0x0000000000400000-0x0000000000513000-memory.dmp

      Filesize

      1.1MB

      Download

    • memory/4396-9-0x00000000009A0000-0x0000000000AA6000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4396-2-0x00000000009A0000-0x0000000000AA6000-memory.dmp

      Filesize

      1.0MB

      Download