danabot | 2248-324-0x00000000021D0000-0x000000000243B000-memory[.]dmp

General

Target

2248-324-0x00000000021D0000-0x000000000243B000-memory.dmp
Size

2.4MB
MD5

67680492a466967bc97257b2b4dcf4f6
SHA1

fc1582552cb3910507016ed2ffd840b56a0d2e46
SHA256

62b40c9410bbc2f6b7c1d7d2866ba616452a36ecb16673e6a41ec5a012262648
SHA512

6c0177f96c2daa3dba48ace0bdcc95048b2f83e1c88f9401e2c3c51a944c45b32ca441ea03b922f33de0315efd47cac7e31b081a4c02d3f81f4b3385df15ac73
SSDEEP

49152:WHMvfBaEea526oSp4Yl9jtixmXo7I3fOi:WMh5oYlHiIok3mi

Score

10^/10

botnet danabot

Malware Config

Extracted

Family

danabot

C2

51.178.195.151

51.222.39.81

149.255.35.125

38.68.50.179

51.77.7.204

rsa_pubkey.plain

Signatures

Danabot family
danabot

Danabot x86 payload 1 IoCs

Detection of Danabot x86 payload, mapped in memory during the execution of its loader.

botnet

resource	yara_rule
sample	family_danabot

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2248-324-0x00000000021D0000-0x000000000243B000-memory.dmp

Files

2248-324-0x00000000021D0000-0x000000000243B000-memory.dmp
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 303B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.itext Size: 6KB - Virtual size: 6KB

.data Size: 22KB - Virtual size: 21KB

.bss Size: - Virtual size: 27KB

.idata Size: 15KB - Virtual size: 15KB

.didata Size: 3KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 303B

.rdata Size: 512B - Virtual size: 68B

.reloc Size: 209KB - Virtual size: 208KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.itext
Size: 6KB - Virtual size: 6KB

.data
Size: 22KB - Virtual size: 21KB

.bss
Size: - Virtual size: 27KB

.idata
Size: 15KB - Virtual size: 15KB

.didata
Size: 3KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 303B

.rdata
Size: 512B - Virtual size: 68B

.reloc
Size: 209KB - Virtual size: 208KB

.rsrc
Size: 26KB - Virtual size: 26KB