Overview

overview

10

Static

static

10

rcc_themes...1].exe

windows10-ltsc_2021-x64

10

rcc_themes...1].exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    106s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03/04/2025, 22:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rcc_themes_[15MB]_[1].exe

  • Size

    18.9MB

  • MD5

    84a4764dd20bfcf989b24c62ca88383e

  • SHA1

    207b3f5cd265a5c86be6c7841b7d5c249cbc7493

  • SHA256

    b54bf8265b7cfacd6537a9125e0e04d86b857baf7452c61caee3acdb03b44879

  • SHA512

    b9e301f38232b1913d710969a933d7bc76e7ad647a57c4e41ef221ecc6f86642226a9953efe794f301e26ae9ff771795aade6b4fe8cab4bf74155fe80a079069

  • SSDEEP

    196608:Gc1rS1ekkJu0daNo6TkXvR4Z7hmU6kXLX/mbr9X5vyoEo4A19B1:Lr2EPVXvR4Z6eut5KoEon1

Score
10/10
danabotbankerdiscoverytrojan

Malware Config

Extracted

Family

danabot

C2

114.0.101.0:105

97.0.108.0:0

109.0.97.0:1200

100.0.114.0:65535
Attributes
  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot family
    danabot
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\rcc_themes_[15MB]_[1].exe
    "C:\Users\Admin\AppData\Local\Temp\rcc_themes_[15MB]_[1].exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:2736

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2736-0-0x0000000000400000-0x000000000173D000-memory.dmp

    Filesize

    19.2MB

    Download