General

  • Target

    a3d561d70f54d321cfa0cff6eaa7755dfc632a89d9428a77dec6bca602c41e3c

  • Size

    1.2MB

  • Sample

    211004-kycenagbck

  • MD5

    03e5fdc1250c5ee84ae9b36f3c3c71ad

  • SHA1

    ec9b8f0e31741137501bd7a87fed2fc57c2d807e

  • SHA256

    a3d561d70f54d321cfa0cff6eaa7755dfc632a89d9428a77dec6bca602c41e3c

  • SHA512

    6aa084b10ee3c0ac4353de924b964b2516c4f2b0204a09eabe52641435f487c2528148a324ea4c0c61107c35543a384f92e9c8c3694a6635d590e9cb1ab151f7

Score
10/10

Malware Config

Extracted

Family

danabot

C2

142.11.192.232:443

192.119.110.73:443

142.11.242.31:443

192.210.222.88:443

Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      a3d561d70f54d321cfa0cff6eaa7755dfc632a89d9428a77dec6bca602c41e3c

    Score
    10/10
    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Loads dropped DLL
