Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15d394e58b2307f97224fce85bb086a267616c4d64b2bf901dfe295d20f7ff87

  • Size

    281KB

  • Sample

    220923-ed4qhsdaf5

  • MD5

    30840d977db49739d966d3a656c786bf

  • SHA1

    2536a586a20a2f5fc05ace24ec5ad9b070b53814

  • SHA256

    15d394e58b2307f97224fce85bb086a267616c4d64b2bf901dfe295d20f7ff87

  • SHA512

    480f34980c12f9a6d16397eeaef19394859095099cf2b8fdb228f92925e61a3e67357ccd1aa733ebbcf907c85e065181f073c04e94c14d8d9693c267568e3765

  • SSDEEP

    6144:bruoSwazLRbw2TDEJJ5R6q3TgPSS0yhDigavwVfa:brzho1bw2TIJkqDg2ysl

Score
10/10
asyncratdanabotvenom clientsbankerpersistencerattrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Extracted

Family

asyncrat

Version

VenomAngel 5.0.7

Botnet

Venom Clients

C2

91.134.214.15:4449

Mutex

Venom_RAT_HVNC_Mutex_Venom RAT_HVNC

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain

Targets

    • Target

      15d394e58b2307f97224fce85bb086a267616c4d64b2bf901dfe295d20f7ff87

    • Size

      281KB

    • MD5

      30840d977db49739d966d3a656c786bf

    • SHA1

      2536a586a20a2f5fc05ace24ec5ad9b070b53814

    • SHA256

      15d394e58b2307f97224fce85bb086a267616c4d64b2bf901dfe295d20f7ff87

    • SHA512

      480f34980c12f9a6d16397eeaef19394859095099cf2b8fdb228f92925e61a3e67357ccd1aa733ebbcf907c85e065181f073c04e94c14d8d9693c267568e3765

    • SSDEEP

      6144:bruoSwazLRbw2TDEJJ5R6q3TgPSS0yhDigavwVfa:brzho1bw2TIJkqDg2ysl

    Score
    10/10
    asyncratdanabotvenom clientsbankerpersistencerattrojan

    • AsyncRat

      AsyncRAT is designed to remotely monitor and control other computers.

      ratasyncrat

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Async RAT payload

      rat

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks