Overview

overview

10

Static

static

dridex

windows10_x64

10

Analysis

  • max time kernel
    135s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    12-01-2022 20:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712.exe

  • Size

    1.1MB

  • MD5

    faaa466bf9c6fe5eb5c8625c71af738e

  • SHA1

    e98d76fb100d8db912c6844070c45dc86fdd1e7e

  • SHA256

    3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712

  • SHA512

    99b5c0cf8fa9b22004667546aa86a4e7c5314652ed790054edccc2c8e5f03bd4d59a20d26c4205edee76af567816ba766bb222f3681da899ef502983f731eaa0

Score
10/10
danabot4bankertrojan

Malware Config

Extracted

Family

danabot

Botnet

4

C2

209.127.27.22:443

103.175.16.114:443

103.175.16.113:443
Attributes
  • embedded_hash

    422236FD601D11EE82825A484D26DD6F

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712.exe
    "C:\Users\Admin\AppData\Local\Temp\3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1520
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712.exe.dll,z C:\Users\Admin\AppData\Local\Temp\3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712.exe
      2⤵
      • Loads dropped DLL
      PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712.exe.dll
    MD5

    61e625821acaa22f3cc0dba3cacd05f5

    SHA1

    42b1c0f82b1aacbaeb3f390b8cb3fcbec7f7c035

    SHA256

    212c4d9b60e4264765f502b8a04f438852b000b3690a3dd9e976824dad9c0384

    SHA512

    c847c8499ca0f825c9684d8e75ed7682048fbbefb9708c044092dc4533bba8c9c1233729ca6f28d1dc4cffbb25b21992a11413e287b5accd65f93dfc5b8d0d6a

    Download Submit
  • \Users\Admin\AppData\Local\Temp\3dd35c188f76ea5d26827da073c0c0af65c99ca72097e9bef76682b4f1b94712.exe.dll
    MD5

    61e625821acaa22f3cc0dba3cacd05f5

    SHA1

    42b1c0f82b1aacbaeb3f390b8cb3fcbec7f7c035

    SHA256

    212c4d9b60e4264765f502b8a04f438852b000b3690a3dd9e976824dad9c0384

    SHA512

    c847c8499ca0f825c9684d8e75ed7682048fbbefb9708c044092dc4533bba8c9c1233729ca6f28d1dc4cffbb25b21992a11413e287b5accd65f93dfc5b8d0d6a

    Download Submit
  • memory/1520-115-0x0000000000713000-0x00000000007F6000-memory.dmp
    Filesize

    908KB

    Download
  • memory/1520-117-0x0000000000400000-0x000000000063C000-memory.dmp
    Filesize

    2.2MB

    Download
  • memory/1520-116-0x0000000000900000-0x00000000009FB000-memory.dmp
    Filesize

    1004KB

    Download
  • memory/3052-118-0x0000000000000000-mapping.dmp
    Download