Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16/09/2022, 16:35

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    037e1a172f2c4044729a7a73e82bcb6193b132e00df5b665efcc55d192a88d57.exe

  • Size

    301KB

  • MD5

    aff64082fe89b274f9d05e28670ec4f1

  • SHA1

    2bda6f8594e7e2d30c0c8c11bcf5a64ece090035

  • SHA256

    037e1a172f2c4044729a7a73e82bcb6193b132e00df5b665efcc55d192a88d57

  • SHA512

    baae6667e6b46eb44bba1f8fd1be272a13cfcf9a9f89a05be684f3b2001f46d61a7a14eb6bfbd16b7db9310da4e86c657714a04dadb3479c812f5ebbe19ca955

  • SSDEEP

    3072:zZXj4PzoC5J07h4LkOC2RyRZI0JXqzLoYCIjkL6Rn0KbbGWpWIM/h3BsxkgaBCho:hjSkF4Lk5XiLfNo6Rn0GbWInigabwVf

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Extracted

Family

danabot

C2

103.144.139.228:443

213.227.154.98:443

66.85.147.23:443

153.92.223.225:443
Attributes
  • embedded_hash

    A64A3A6ED13022027B84C77D31BE0C74

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\037e1a172f2c4044729a7a73e82bcb6193b132e00df5b665efcc55d192a88d57.exe
    "C:\Users\Admin\AppData\Local\Temp\037e1a172f2c4044729a7a73e82bcb6193b132e00df5b665efcc55d192a88d57.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2804
  • C:\Users\Admin\AppData\Local\Temp\3103.exe
    C:\Users\Admin\AppData\Local\Temp\3103.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Windows\SysWOW64\rundll32.exe
      C:\Windows\system32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\Etfrehti.dll,start C:\Users\Admin\AppData\Local\Temp\3103.exe
      2⤵
      • Loads dropped DLL
      PID:3464

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\3103.exe
          Filesize

          1.9MB

          MD5

          218cdec2e264fe3cc55efa80a8aca390

          SHA1

          6424ccac16a8d8d0c8ca5e82e694760618123591

          SHA256

          bba1d412bbc0047851df401b5931da7f9e40c19f98ee8a48d467ceb7cbeb8844

          SHA512

          665e03f2277d4653d6b9977a5ace8b0e414ce7512246dec320c22f9d5646acf02d3e3078866f110f4daa50543aaecbcd5c9cbddaa0b9973a452c0ea5ede8408f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\3103.exe
          Filesize

          1.9MB

          MD5

          218cdec2e264fe3cc55efa80a8aca390

          SHA1

          6424ccac16a8d8d0c8ca5e82e694760618123591

          SHA256

          bba1d412bbc0047851df401b5931da7f9e40c19f98ee8a48d467ceb7cbeb8844

          SHA512

          665e03f2277d4653d6b9977a5ace8b0e414ce7512246dec320c22f9d5646acf02d3e3078866f110f4daa50543aaecbcd5c9cbddaa0b9973a452c0ea5ede8408f

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Etfrehti.dll
          Filesize

          2.5MB

          MD5

          d7a66ca4622307cefbaf2d548edf21c1

          SHA1

          d6e7396cf81fddc86bd9a6adb17dbec09fbd532d

          SHA256

          c692330b06a1c232eafe7e68f867c6f339ca9545834010b0997e19f936ad0b5d

          SHA512

          4d9e5fa064ea98af43d5fef363a69a593fdd0ae5f4b79db0794bd5b12e9ffd0c52bb53b7c7b08141f4a33ea7b786f2164504af3295ee9466477270e69b87f41c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\Etfrehti.dll
          Filesize

          2.5MB

          MD5

          d7a66ca4622307cefbaf2d548edf21c1

          SHA1

          d6e7396cf81fddc86bd9a6adb17dbec09fbd532d

          SHA256

          c692330b06a1c232eafe7e68f867c6f339ca9545834010b0997e19f936ad0b5d

          SHA512

          4d9e5fa064ea98af43d5fef363a69a593fdd0ae5f4b79db0794bd5b12e9ffd0c52bb53b7c7b08141f4a33ea7b786f2164504af3295ee9466477270e69b87f41c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\Etfrehti.dll
          Filesize

          2.5MB

          MD5

          d7a66ca4622307cefbaf2d548edf21c1

          SHA1

          d6e7396cf81fddc86bd9a6adb17dbec09fbd532d

          SHA256

          c692330b06a1c232eafe7e68f867c6f339ca9545834010b0997e19f936ad0b5d

          SHA512

          4d9e5fa064ea98af43d5fef363a69a593fdd0ae5f4b79db0794bd5b12e9ffd0c52bb53b7c7b08141f4a33ea7b786f2164504af3295ee9466477270e69b87f41c

          Download Submit

        • memory/2804-152-0x0000000000400000-0x0000000000450000-memory.dmp

          Filesize

          320KB

          Download

        • memory/2804-148-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-118-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-119-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-120-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-121-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-122-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-123-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-124-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-125-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-126-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-127-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-128-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-129-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-130-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-132-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-133-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-134-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-135-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-136-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-137-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-138-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-139-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-140-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-141-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-142-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-143-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-144-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-145-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-146-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-147-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-115-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-149-0x0000000000450000-0x00000000004FE000-memory.dmp

          Filesize

          696KB

          Download

        • memory/2804-150-0x00000000001E0000-0x00000000001E9000-memory.dmp

          Filesize

          36KB

          Download

        • memory/2804-151-0x0000000000400000-0x0000000000450000-memory.dmp

          Filesize

          320KB

          Download

        • memory/2804-116-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/2804-117-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/3464-252-0x0000000004250000-0x00000000044E4000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/3464-258-0x0000000004250000-0x00000000044E4000-memory.dmp

          Filesize

          2.6MB

          Download

        • memory/4756-176-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-179-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-159-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-160-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-161-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-178-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-163-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-165-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-166-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-167-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-169-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-168-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-170-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-171-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-173-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-174-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-177-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-158-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-175-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-157-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-180-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-181-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-182-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-183-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-186-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-187-0x0000000002540000-0x000000000271C000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4756-185-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-184-0x0000000002390000-0x000000000253A000-memory.dmp

          Filesize

          1.7MB

          Download

        • memory/4756-188-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-189-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-191-0x0000000000400000-0x00000000005EA000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4756-156-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-164-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-155-0x0000000076FE0000-0x000000007716E000-memory.dmp

          Filesize

          1.6MB

          Download

        • memory/4756-203-0x0000000000400000-0x00000000005EA000-memory.dmp

          Filesize

          1.9MB

          Download

        • memory/4756-204-0x0000000002540000-0x000000000271C000-memory.dmp

          Filesize

          1.9MB

          Download