Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    21-10-2021 19:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d076723f1269a1387c69018f4a3fac024b73176f8403372d06a7d58ade52d64e.exe

  • Size

    1.1MB

  • MD5

    8221e011ca9356d2f6f7126eb13553d1

  • SHA1

    73c2e0986be301d0552b8f6662bd786a85cea382

  • SHA256

    d076723f1269a1387c69018f4a3fac024b73176f8403372d06a7d58ade52d64e

  • SHA512

    b87f95122f40708a1b879fa03c8d8f27dd002dae575c684bf06958c4ce93ccf4be04540b51bafab759d61a28cab28f814d12080619ecfac76973a48305a2704a

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

192.119.110.73:443

192.236.147.159:443

192.210.222.88:443
Attributes
  • embedded_hash

    F4711E27D559B4AEB1A081A1EB0AC465

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Danabot Loader Component 4 IoCs
  • Blocklisted process makes network request 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d076723f1269a1387c69018f4a3fac024b73176f8403372d06a7d58ade52d64e.exe
    "C:\Users\Admin\AppData\Local\Temp\d076723f1269a1387c69018f4a3fac024b73176f8403372d06a7d58ade52d64e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\D07672~1.DLL,s C:\Users\Admin\AppData\Local\Temp\D07672~1.EXE
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Drops file in Program Files directory
      PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\D07672~1.DLL
    MD5

    dbc387e8a1b2f9803590766272260da2

    SHA1

    d7ab66e5b70a896582bc12d9d7f8e3aaa3c1193f

    SHA256

    00039f510d60b41b71e22ac2f54185705660eba10253b0767cdb019b04185eeb

    SHA512

    28cf0da46adda4546a62c23a7f26679145d1eb77f8974f83d4d3644d066f2f9d8d132017d1a4bfeb196a9fe6c2f568890f87262f3f18a128a188cfd0ce312646

    Download Submit
  • \Users\Admin\AppData\Local\Temp\D07672~1.DLL
    MD5

    dbc387e8a1b2f9803590766272260da2

    SHA1

    d7ab66e5b70a896582bc12d9d7f8e3aaa3c1193f

    SHA256

    00039f510d60b41b71e22ac2f54185705660eba10253b0767cdb019b04185eeb

    SHA512

    28cf0da46adda4546a62c23a7f26679145d1eb77f8974f83d4d3644d066f2f9d8d132017d1a4bfeb196a9fe6c2f568890f87262f3f18a128a188cfd0ce312646

    Download Submit
  • \Users\Admin\AppData\Local\Temp\D07672~1.DLL
    MD5

    dbc387e8a1b2f9803590766272260da2

    SHA1

    d7ab66e5b70a896582bc12d9d7f8e3aaa3c1193f

    SHA256

    00039f510d60b41b71e22ac2f54185705660eba10253b0767cdb019b04185eeb

    SHA512

    28cf0da46adda4546a62c23a7f26679145d1eb77f8974f83d4d3644d066f2f9d8d132017d1a4bfeb196a9fe6c2f568890f87262f3f18a128a188cfd0ce312646

    Download Submit
  • memory/1676-118-0x0000000000000000-mapping.dmp
    Download
  • memory/1676-122-0x0000000004280000-0x00000000043E0000-memory.dmp
    Filesize

    1.4MB

    Download
  • memory/1976-116-0x0000000004FB0000-0x00000000050B5000-memory.dmp
    Filesize

    1.0MB

    Download
  • memory/1976-115-0x0000000004EC0000-0x0000000004FAE000-memory.dmp
    Filesize

    952KB

    Download
  • memory/1976-117-0x0000000000400000-0x0000000002FE6000-memory.dmp
    Filesize

    43.9MB

    Download