Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    118s
  • max time network
    135s
  • platform
    windows10_x64
  • resource
    win10-en-20210920
  • submitted
    21-10-2021 15:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3a754304ab6e04dd4317a89bf85eff6cc6ddb9921b277d8f8475dd22850911d1.exe

  • Size

    1.1MB

  • MD5

    2cb997c5e95883623e1dc0d4b2ac2fa0

  • SHA1

    4f5d87d8ba60df5191a4a9f72d9c60f6ce925f6a

  • SHA256

    3a754304ab6e04dd4317a89bf85eff6cc6ddb9921b277d8f8475dd22850911d1

  • SHA512

    2ae6c2c3af5238d27f450722c33ae0552fe5bf03347310d1da52696b0cdd07c27d9aaae1acc622f22bf562b22df62c4bc64bb6da579acb1790908634903c4eeb

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443
Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 2 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a754304ab6e04dd4317a89bf85eff6cc6ddb9921b277d8f8475dd22850911d1.exe
    "C:\Users\Admin\AppData\Local\Temp\3a754304ab6e04dd4317a89bf85eff6cc6ddb9921b277d8f8475dd22850911d1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2588
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\3A7543~1.DLL,s C:\Users\Admin\AppData\Local\Temp\3A7543~1.EXE
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      PID:3836

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3A7543~1.DLL
    MD5

    9fc1b6a57016e5b45bc3fd1b9d93c081

    SHA1

    2fa6b17a4077fb4ebc5a1909f67e6f8aff7d129b

    SHA256

    0d113bb5ff7a756b0888f68918bc4a2ead381ef00996c0a5dcc6042ee04d1242

    SHA512

    bf4ad9a15c26199ffef30a6de3f9baa88c7e84713059330bb3f16b6322fdb2533d4729fbd45049bfcf369966d411ccb653677267b47355a5fd0fc5090ebc8c56

    Download Submit
  • \Users\Admin\AppData\Local\Temp\3A7543~1.DLL
    MD5

    9fc1b6a57016e5b45bc3fd1b9d93c081

    SHA1

    2fa6b17a4077fb4ebc5a1909f67e6f8aff7d129b

    SHA256

    0d113bb5ff7a756b0888f68918bc4a2ead381ef00996c0a5dcc6042ee04d1242

    SHA512

    bf4ad9a15c26199ffef30a6de3f9baa88c7e84713059330bb3f16b6322fdb2533d4729fbd45049bfcf369966d411ccb653677267b47355a5fd0fc5090ebc8c56

    Download Submit
  • memory/2588-115-0x0000000004F10000-0x0000000004FFE000-memory.dmp
    Filesize

    952KB

    Download
  • memory/2588-116-0x0000000005000000-0x0000000005105000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/2588-120-0x0000000000400000-0x0000000002FE6000-memory.dmp
    Filesize

    43.9MB

    Download
  • memory/3836-117-0x0000000000000000-mapping.dmp
    Download