Analysis

  • max time kernel
    134s
  • max time network
    125s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    12-01-2022 22:00

General

  • Target

    e60d0b4cde4d9d94fd6b0c82ab32ff7e98b9b20a46b4fed0def44b19ae3a3943.exe

  • Size

    1.1MB

  • MD5

    96dfa3c9a3fd17abdeb8a4a16972b8c7

  • SHA1

    a2881094c447e3a9523cdc3b8e44128050130b75

  • SHA256

    e60d0b4cde4d9d94fd6b0c82ab32ff7e98b9b20a46b4fed0def44b19ae3a3943

  • SHA512

    85c54d9b815d797b57f193cbfa2184522ae9fabcf333f93e9b469b74e86bc42aab6f8f0d644fb10b5dc116de3c2de317e19686cc0d931b7edbd03648ec4ec4d3

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

4

C2

209.127.27.22:443

103.175.16.114:443

103.175.16.113:443

Attributes
  • embedded_hash

    422236FD601D11EE82825A484D26DD6F

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

  • Loads dropped DLL (1 IoC)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\e60d0b4cde4d9d94fd6b0c82ab32ff7e98b9b20a46b4fed0def44b19ae3a3943.exe
    "C:\Users\Admin\AppData\Local\Temp\e60d0b4cde4d9d94fd6b0c82ab32ff7e98b9b20a46b4fed0def44b19ae3a3943.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2564
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\e60d0b4cde4d9d94fd6b0c82ab32ff7e98b9b20a46b4fed0def44b19ae3a3943.exe.dll,z C:\Users\Admin\AppData\Local\Temp\e60d0b4cde4d9d94fd6b0c82ab32ff7e98b9b20a46b4fed0def44b19ae3a3943.exe
      2⤵
      • Loads dropped DLL
      PID:3412

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\e60d0b4cde4d9d94fd6b0c82ab32ff7e98b9b20a46b4fed0def44b19ae3a3943.exe.dll
    MD5

    df3464d790feb67051ff0f5560533c21

    SHA1

    c5c536664e307d5bd678b3008ba84196c6440e96

    SHA256

    bdff83014eac859e146424a730d8279bf96a05f74b67ede5b8548c7e791ba65c

    SHA512

    59079bafca39f389cc16960f2aa236c75d9a5e197592972f5efcbd458de28d9a852b6a50b2f76f0df77bc4fca9143857338fbcc5571bf65fb4ded25d836ed26d

  • \Users\Admin\AppData\Local\Temp\e60d0b4cde4d9d94fd6b0c82ab32ff7e98b9b20a46b4fed0def44b19ae3a3943.exe.dll
    MD5

    df3464d790feb67051ff0f5560533c21

    SHA1

    c5c536664e307d5bd678b3008ba84196c6440e96

    SHA256

    bdff83014eac859e146424a730d8279bf96a05f74b67ede5b8548c7e791ba65c

    SHA512

    59079bafca39f389cc16960f2aa236c75d9a5e197592972f5efcbd458de28d9a852b6a50b2f76f0df77bc4fca9143857338fbcc5571bf65fb4ded25d836ed26d

  • memory/2564-115-0x000000000090C000-0x00000000009EF000-memory.dmp
    Filesize

    908KB

  • memory/2564-117-0x0000000000400000-0x000000000063C000-memory.dmp
    Filesize

    2.2MB

  • memory/2564-116-0x0000000000AB0000-0x0000000000BAB000-memory.dmp
    Filesize

    1004KB

  • memory/3412-118-0x0000000000000000-mapping.dmp