Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    135s
  • max time network
    121s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    06-01-2022 11:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca5b1b7f0ccdfc9b1beaee131b641664b70d326fcf39b0d160f1fd9882688bd6.exe

  • Size

    1.1MB

  • MD5

    62efe74046350abcaef452694ff0051c

  • SHA1

    51c19b460d91029d395435354e761049ac28e2e9

  • SHA256

    ca5b1b7f0ccdfc9b1beaee131b641664b70d326fcf39b0d160f1fd9882688bd6

  • SHA512

    b2d086131311d3387fa7e3f0eae14f5c87234db6be5207afb667047d51e395b4cbf58f8aa2181d7506d020b5e96a09f0b7a88b4d195f1feb33ffcd95864b2cbc

Score
10/10
danabot4bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

142.11.244.223:443

192.236.194.72:443

192.119.110.4:443
Attributes
  • embedded_hash

    8357B947FCA843DB2D85EC29EDCDEF3C

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ca5b1b7f0ccdfc9b1beaee131b641664b70d326fcf39b0d160f1fd9882688bd6.exe
    "C:\Users\Admin\AppData\Local\Temp\ca5b1b7f0ccdfc9b1beaee131b641664b70d326fcf39b0d160f1fd9882688bd6.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3788
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca5b1b7f0ccdfc9b1beaee131b641664b70d326fcf39b0d160f1fd9882688bd6.exe.dll,z C:\Users\Admin\AppData\Local\Temp\ca5b1b7f0ccdfc9b1beaee131b641664b70d326fcf39b0d160f1fd9882688bd6.exe
      2⤵
      • Loads dropped DLL
      PID:3920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\ca5b1b7f0ccdfc9b1beaee131b641664b70d326fcf39b0d160f1fd9882688bd6.exe.dll
    MD5

    9d40487f2885325e6f418a59a15b288f

    SHA1

    d717efb2a88837d97ff99716a536d3bfff1e3c14

    SHA256

    fa1861e293134beb56f6aee9179015b26d28a8ce80c9387dfcd3f73f6beac35a

    SHA512

    f5dfb4e433d21c9d020378c6d2f380a147d2144f795a234c64c43d0a7c799717bb2e427568806c9d60badc0477e7c30afed475973fc8f673eb7e6eead60cdc5f

    Download Submit
  • \Users\Admin\AppData\Local\Temp\ca5b1b7f0ccdfc9b1beaee131b641664b70d326fcf39b0d160f1fd9882688bd6.exe.dll
    MD5

    9d40487f2885325e6f418a59a15b288f

    SHA1

    d717efb2a88837d97ff99716a536d3bfff1e3c14

    SHA256

    fa1861e293134beb56f6aee9179015b26d28a8ce80c9387dfcd3f73f6beac35a

    SHA512

    f5dfb4e433d21c9d020378c6d2f380a147d2144f795a234c64c43d0a7c799717bb2e427568806c9d60badc0477e7c30afed475973fc8f673eb7e6eead60cdc5f

    Download Submit
  • memory/3788-115-0x0000000000708000-0x00000000007EB000-memory.dmp
    Filesize

    908KB

    Download
  • memory/3788-116-0x00000000009E0000-0x0000000000ADA000-memory.dmp
    Filesize

    1000KB

    Download
  • memory/3788-117-0x0000000000400000-0x0000000000536000-memory.dmp
    Filesize

    1.2MB

    Download
  • memory/3920-118-0x0000000000000000-mapping.dmp
    Download