Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    24-09-2022 16:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ac2ff361585625b8f1988e20ef00acf25d40f5b43c6025018bb8c2b96fd8b049.exe

  • Size

    196KB

  • MD5

    7be05ae221e8cff71446c75ce04a0bed

  • SHA1

    aa2ff15284e855cc5d123bedd82cef78c3b4a115

  • SHA256

    ac2ff361585625b8f1988e20ef00acf25d40f5b43c6025018bb8c2b96fd8b049

  • SHA512

    82d5a4d9e434bd6944387b768064713ce964dfa6822c7d575fdedda8a0832f7e9be7b7f01b752a44365526e07281a8048e7a3dc0c05aa593dfc7db33f20abe07

  • SSDEEP

    3072:R0pP9L3M0xaA5TgUSQYsUKvTEmriIzBWrAFG7BZVlCc/Pkk4x:uLPxVh5TzriIzBWrAx

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ac2ff361585625b8f1988e20ef00acf25d40f5b43c6025018bb8c2b96fd8b049.exe
    "C:\Users\Admin\AppData\Local\Temp\ac2ff361585625b8f1988e20ef00acf25d40f5b43c6025018bb8c2b96fd8b049.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2732
  • C:\Users\Admin\AppData\Local\Temp\2FCA.exe
    C:\Users\Admin\AppData\Local\Temp\2FCA.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:4252
    • C:\Windows\SysWOW64\appidtel.exe
      C:\Windows\system32\appidtel.exe
      2⤵
        PID:4464

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\2FCA.exe
      Filesize

      1.3MB

      MD5

      38ba7056d233e336378d7d0f9228c9c4

      SHA1

      8ef3721c27c92928292af285b0e3f9a36e70668b

      SHA256

      28e21a0685da31189bde48b5ff8bd76ebcfaf78ae924d8c6991e3efa8a884deb

      SHA512

      2d95800224280634ccee934d91bdb2d307e39c794b10151b1caa8712f0c1cac12741d34e17fe8d2abf3706f0250e29b1f5f299cd59d3e64cb927ae534fffb508

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\2FCA.exe
      Filesize

      1.3MB

      MD5

      38ba7056d233e336378d7d0f9228c9c4

      SHA1

      8ef3721c27c92928292af285b0e3f9a36e70668b

      SHA256

      28e21a0685da31189bde48b5ff8bd76ebcfaf78ae924d8c6991e3efa8a884deb

      SHA512

      2d95800224280634ccee934d91bdb2d307e39c794b10151b1caa8712f0c1cac12741d34e17fe8d2abf3706f0250e29b1f5f299cd59d3e64cb927ae534fffb508

      Download Submit

    • memory/2108-203-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-169-0x0000000001610000-0x0000000001620000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-268-0x0000000002E60000-0x0000000002E70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-267-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-266-0x0000000001610000-0x0000000001620000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-243-0x0000000002E60000-0x0000000002E70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-198-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-241-0x00000000015E0000-0x00000000015F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-209-0x0000000002E60000-0x0000000002E70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-210-0x0000000002E60000-0x0000000002E70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-208-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-207-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-204-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-205-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-273-0x0000000002E60000-0x0000000002E70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-269-0x0000000002E60000-0x0000000002E70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-242-0x0000000002E60000-0x0000000002E70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-199-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-196-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-197-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-195-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-194-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-191-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-190-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-189-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-188-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-187-0x00000000015E0000-0x00000000015F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-181-0x0000000001610000-0x0000000001620000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-184-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-202-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-175-0x0000000001640000-0x0000000001650000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-272-0x0000000002E60000-0x0000000002E70000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2732-144-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-130-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-157-0x0000000000400000-0x000000000058B000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2732-121-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-156-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-122-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-123-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-124-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-125-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-126-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-128-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-127-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-129-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-154-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-155-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-131-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-132-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-153-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-133-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-152-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-134-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-136-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-151-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-150-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-149-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-148-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-147-0x0000000000400000-0x000000000058B000-memory.dmp

      Filesize

      1.5MB

      Download

    • memory/2732-137-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-146-0x00000000006B0000-0x00000000007FA000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2732-145-0x00000000006B0000-0x00000000007FA000-memory.dmp

      Filesize

      1.3MB

      Download

    • memory/2732-120-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-143-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-142-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-141-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-140-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-139-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2732-138-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-240-0x0000000000400000-0x00000000006E8000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/4252-180-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-171-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-172-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-178-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-176-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-174-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-186-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-168-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-239-0x00000000024D0000-0x00000000027AB000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/4252-158-0x0000000000000000-mapping.dmp

      Download

    • memory/4252-183-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-238-0x00000000023A0000-0x00000000024C7000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4252-165-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-244-0x00000000023A0000-0x00000000024C7000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4252-164-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-163-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-162-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-161-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4252-271-0x0000000000400000-0x00000000006E8000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/4252-160-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4464-226-0x0000000000000000-mapping.dmp

      Download