Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    105s
  • max time network
    113s
  • platform
    windows10_x64
  • resource
    win10v20210408
  • submitted
    26-09-2021 21:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    312f6356e84a66b37b45ee215003dcc0ef7e6ee64c86bd7acf7069818d98869a.exe

  • Size

    1.0MB

  • MD5

    3f0c702ca97329dbd1058ee03554438c

  • SHA1

    7144b00e3daf74537f320cc63ac27146f8f97db0

  • SHA256

    312f6356e84a66b37b45ee215003dcc0ef7e6ee64c86bd7acf7069818d98869a

  • SHA512

    da3f45c45d206e56c70f8b6a44a647eff252bfb8359dd000058177ec8741c33cbe285a1798bf0dc7f4b5ccb7ca52914ae022243aa63d3a0dcfafa501c1b93ad6

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

23.254.144.209:443

192.236.194.86:443

142.11.192.232:443
Attributes
  • embedded_hash

    0E1A7A1479C37094441FA911262B322A

rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 4 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\312f6356e84a66b37b45ee215003dcc0ef7e6ee64c86bd7acf7069818d98869a.exe
    "C:\Users\Admin\AppData\Local\Temp\312f6356e84a66b37b45ee215003dcc0ef7e6ee64c86bd7acf7069818d98869a.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4024
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\312F63~1.DLL,s C:\Users\Admin\AppData\Local\Temp\312F63~1.EXE
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\312F63~1.DLL
    MD5

    2f1cc868263ef39f234349e3b57967b8

    SHA1

    21537093c120564e1bde7373db0454b6a37cdd2c

    SHA256

    3d1868bd168d0ca22d6b2c377f957ef8601cbe4ebf9f570fc3fd5c3556a4aed9

    SHA512

    6d5392969655b1b42fc24f5cd57f37e46b12ec59472bb998603a801d7386034effe837e138c9157dd3bbb1493200e51922a5e49be4e66bb77638b5e9fe8d18c0

    Download Submit
  • \Users\Admin\AppData\Local\Temp\312F63~1.DLL
    MD5

    2f1cc868263ef39f234349e3b57967b8

    SHA1

    21537093c120564e1bde7373db0454b6a37cdd2c

    SHA256

    3d1868bd168d0ca22d6b2c377f957ef8601cbe4ebf9f570fc3fd5c3556a4aed9

    SHA512

    6d5392969655b1b42fc24f5cd57f37e46b12ec59472bb998603a801d7386034effe837e138c9157dd3bbb1493200e51922a5e49be4e66bb77638b5e9fe8d18c0

    Download Submit
  • \Users\Admin\AppData\Local\Temp\312F63~1.DLL
    MD5

    2f1cc868263ef39f234349e3b57967b8

    SHA1

    21537093c120564e1bde7373db0454b6a37cdd2c

    SHA256

    3d1868bd168d0ca22d6b2c377f957ef8601cbe4ebf9f570fc3fd5c3556a4aed9

    SHA512

    6d5392969655b1b42fc24f5cd57f37e46b12ec59472bb998603a801d7386034effe837e138c9157dd3bbb1493200e51922a5e49be4e66bb77638b5e9fe8d18c0

    Download Submit
  • memory/3880-114-0x0000000000000000-mapping.dmp
    Download
  • memory/3880-120-0x00000000044F0000-0x0000000004653000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/4024-115-0x00000000025C0000-0x00000000026C6000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/4024-116-0x0000000000400000-0x000000000058F000-memory.dmp
    Filesize

    1.6MB

    Download