General

  • Target

    813319210cd08cb48e1feb0573595ab215a41f7c2ba7092779c0be119b55c429

  • Size

    1.3MB

  • Sample

    220921-wjbelacdgl

  • MD5

    21a268d6065e5ff97d85580be1665168

  • SHA1

    e59ae1882390cf7dae16a176cc6bac3dbead534f

  • SHA256

    813319210cd08cb48e1feb0573595ab215a41f7c2ba7092779c0be119b55c429

  • SHA512

    461d36f1f7425ba613f063039a9a5590cf5ee9834be3cc2801ff90cd116012ba8df025ffb8ddf58ee50cff14fc954241d5fb1e4149db58b634d73d7c969b1567

  • SSDEEP

    24576:9Q08CMJRgILCS7bbmclkenvJP1vo52BRYC5tjiMNC/YHFP2D0mrFxFUQXw2/UK:iTXdLdSczvJdp0J5wlPqpxSeUK

Score
10/10

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks