Analysis

  • max time kernel: 116s
  • max time network: 119s
  • platform: windows10_x64
  • resource: win10-en-20210920
  • submitted: 26-09-2021 17:50

General

  • Target: 9104fee4fa7fa3fbc00647a684c4d431990fa8bfc1c4a9aeb4a76ce27abd6555.exe
  • Size: 1.0MB
  • MD5: a23081e120c76214255c76882fed5158
  • SHA1: 924f93589e61784120c19c7cc8be1ec1a5b1c8f3
  • SHA256: 9104fee4fa7fa3fbc00647a684c4d431990fa8bfc1c4a9aeb4a76ce27abd6555
  • SHA512: 8bfe1ce2c0e1b88b751465463408fa1af2688698e8d48a38dec4c01699818992ae4b221a326c4e184034779726ad5c1a6d094142ecf2db7ee4bb25afe0b7bba6

Score: 10/10

Malware Config

Extracted

  • Family: danabot
  • C2:
    23.254.144.209:443
    192.236.194.86:443
    142.11.192.232:443
  • Attributes:
    • embedded_hash: 0E1A7A1479C37094441FA911262B322A
    • rsa_privkey.plain

Signatures

  • Danabot: Danabot is a modular banking Trojan that has been linked with other malware.
  • Danabot Loader Component (2 IoCs)
  • Blocklisted process makes network request (1 IoC)
  • Loads dropped DLL (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\9104fee4fa7fa3fbc00647a684c4d431990fa8bfc1c4a9aeb4a76ce27abd6555.exe (PID 2332)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9104fee4fa7fa3fbc00647a684c4d431990fa8bfc1c4a9aeb4a76ce27abd6555.exe"
    • Suspicious use of WriteProcessMemory
    • Child: C:\Windows\SysWOW64\rundll32.exe (PID 2484)
      Command line: C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\9104FE~1.DLL,s C:\Users\Admin\AppData\Local\Temp\9104FE~1.EXE
      • Blocklisted process makes network request
      • Loads dropped DLL

Downloads

  • C:\Users\Admin\AppData\Local\Temp\9104FE~1.DLL
    MD5: 9a0ec55943d662c363ae0893b9486ed6
    SHA1: 9f0638efb7377cdca8e6745ee7ad93ae7476bc7c
    SHA256: fe21c245b2339784497a75fcea06b476da65c684a3d4e1dfa548ca46075feb2d
    SHA512: 7695a109265c3e225896758471e7377b0f4e1d9bae74bc2ed09d2090c0d8b7ae57c651f7882a66936c7ab772eb5aae770e5ff8a178fdba6903fd0fae6a4aa0af

  • \Users\Admin\AppData\Local\Temp\9104FE~1.DLL
    MD5: 9a0ec55943d662c363ae0893b9486ed6
    SHA1: 9f0638efb7377cdca8e6745ee7ad93ae7476bc7c
    SHA256: fe21c245b2339784497a75fcea06b476da65c684a3d4e1dfa548ca46075feb2d
    SHA512: 7695a109265c3e225896758471e7377b0f4e1d9bae74bc2ed09d2090c0d8b7ae57c651f7882a66936c7ab772eb5aae770e5ff8a178fdba6903fd0fae6a4aa0af

  • memory/2332-115-0x0000000002410000-0x0000000002516000-memory.dmp
    Filesize: 1.0MB

  • memory/2332-119-0x0000000000400000-0x0000000000590000-memory.dmp
    Filesize: 1.6MB

  • memory/2484-116-0x0000000000000000-mapping.dmp