Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    117s
  • max time network
    136s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    21-10-2021 15:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a24309574ec527a9474fbcf394e632c6ac7ef05475d1b714f0c29dd27c02ebe3.exe

  • Size

    1.1MB

  • MD5

    6fab8a5c4857f53a14e1b55206946922

  • SHA1

    3fa5528f0c01dc24c5eede5d1babea1b7d43b703

  • SHA256

    a24309574ec527a9474fbcf394e632c6ac7ef05475d1b714f0c29dd27c02ebe3

  • SHA512

    900970fe482bb6528088d9b80fe33315259c3c5e1dc97e23d5620f093a3af9d1b609244530524736bc2df4d313ded40c474dd4191e19fec3227d6438881faacf

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443
Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 2 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a24309574ec527a9474fbcf394e632c6ac7ef05475d1b714f0c29dd27c02ebe3.exe
    "C:\Users\Admin\AppData\Local\Temp\a24309574ec527a9474fbcf394e632c6ac7ef05475d1b714f0c29dd27c02ebe3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\A24309~1.DLL,s C:\Users\Admin\AppData\Local\Temp\A24309~1.EXE
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:4436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\A24309~1.DLL
    MD5

    a51f08173cd36eee6fc6c05ac719870e

    SHA1

    7f736b805798c244c0fb4b9724d6f7bbc119f3c3

    SHA256

    7482be13434094ac669b7a676a88b59e95324ae27870f2a5b24773e2c81d4858

    SHA512

    60243dda6f8f039b07de6ede274189f55691490ecdba6f92d810d2b290e4a940a8a1cd49fd87acf3cc79b1685eccd051ea7534c4d3656d9a325d3c2d5a4ecae2

    Download Submit
  • \Users\Admin\AppData\Local\Temp\A24309~1.DLL
    MD5

    a51f08173cd36eee6fc6c05ac719870e

    SHA1

    7f736b805798c244c0fb4b9724d6f7bbc119f3c3

    SHA256

    7482be13434094ac669b7a676a88b59e95324ae27870f2a5b24773e2c81d4858

    SHA512

    60243dda6f8f039b07de6ede274189f55691490ecdba6f92d810d2b290e4a940a8a1cd49fd87acf3cc79b1685eccd051ea7534c4d3656d9a325d3c2d5a4ecae2

    Download Submit
  • memory/756-115-0x0000000004DB0000-0x0000000004E9E000-memory.dmp
    Filesize

    952KB

    Download
  • memory/756-116-0x0000000000400000-0x0000000002FE6000-memory.dmp
    Filesize

    43.9MB

    Download
  • memory/756-117-0x0000000004EA0000-0x0000000004FA5000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/4436-118-0x0000000000000000-mapping.dmp
    Download