Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    165s
  • max time network
    175s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    04/10/2022, 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5cf8d15847cbc4f3be8686db95dc918fc01e53ce9e74cd7cc7e189d474d4e989.exe

  • Size

    265KB

  • MD5

    7a0c77ee41e10851af68272f00b6dbff

  • SHA1

    2883acf384b50634149072b3d1aff8333ffa456d

  • SHA256

    5cf8d15847cbc4f3be8686db95dc918fc01e53ce9e74cd7cc7e189d474d4e989

  • SHA512

    cbe16bdafbef3a2d07438116778ba31d316166e1309e6f56763aefe5739c2a01de08c6f2b7d4206ec6d731a1439d3fb1f5fba935feb008c97a6dc69d8f95a646

  • SSDEEP

    6144:ZtF93LLd1WlnWbPrfXJuCuzbgwuO1+wVf:Z5vdUJqrXBunnx

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    EAD30BF58E340E9E105B328F524565E0

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5cf8d15847cbc4f3be8686db95dc918fc01e53ce9e74cd7cc7e189d474d4e989.exe
    "C:\Users\Admin\AppData\Local\Temp\5cf8d15847cbc4f3be8686db95dc918fc01e53ce9e74cd7cc7e189d474d4e989.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2656
  • C:\Users\Admin\AppData\Local\Temp\C35B.exe
    C:\Users\Admin\AppData\Local\Temp\C35B.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:4636
    • C:\Windows\SysWOW64\appidtel.exe
      C:\Windows\system32\appidtel.exe
      2⤵
        PID:4756

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\C35B.exe
      Filesize

      4.6MB

      MD5

      96a464cd2b17c188539df98a59927069

      SHA1

      7ea4a621e3aece14ea53944a7656321f0cc23ba6

      SHA256

      e4a8d0c5ce7c8b1e943c671968614dd40059bd2ccfb9112affe65f80aae1f1d8

      SHA512

      95a25ca0919d33283dbfe082f8b236e7072c6ef1fd6efe7042fff17995b28ad68d324b0d09ac0d09e421eeac0b1c1bd6514954e2aa8925f8532bf212f7a0ab50

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C35B.exe
      Filesize

      4.6MB

      MD5

      96a464cd2b17c188539df98a59927069

      SHA1

      7ea4a621e3aece14ea53944a7656321f0cc23ba6

      SHA256

      e4a8d0c5ce7c8b1e943c671968614dd40059bd2ccfb9112affe65f80aae1f1d8

      SHA512

      95a25ca0919d33283dbfe082f8b236e7072c6ef1fd6efe7042fff17995b28ad68d324b0d09ac0d09e421eeac0b1c1bd6514954e2aa8925f8532bf212f7a0ab50

      Download Submit

    • memory/2656-153-0x0000000000400000-0x0000000000448000-memory.dmp

      Filesize

      288KB

      Download

    • memory/2656-146-0x00000000004A0000-0x000000000054E000-memory.dmp

      Filesize

      696KB

      Download

    • memory/2656-119-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-120-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-121-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-122-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-123-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-124-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-125-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-126-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-127-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-128-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-129-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-130-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-131-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-133-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-134-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-132-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-135-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-136-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-138-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-139-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-140-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-141-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-142-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-143-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-144-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-117-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-145-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-149-0x0000000000400000-0x0000000000448000-memory.dmp

      Filesize

      288KB

      Download

    • memory/2656-148-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-147-0x00000000004A0000-0x000000000054E000-memory.dmp

      Filesize

      696KB

      Download

    • memory/2656-150-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-151-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-152-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-115-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-118-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2656-116-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-175-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-165-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-159-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-157-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-160-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-176-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-162-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-164-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-174-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-166-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-167-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-168-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-169-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-156-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-171-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-172-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-173-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-158-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-170-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-161-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-178-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-177-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-180-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-181-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-182-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-183-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-184-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-186-0x00000000026F0000-0x0000000002B63000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/4636-187-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-189-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-188-0x0000000002B70000-0x0000000003186000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4636-185-0x00000000775D0000-0x000000007775E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4636-204-0x0000000002B70000-0x0000000003186000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4636-202-0x0000000000400000-0x0000000000A22000-memory.dmp

      Filesize

      6.1MB

      Download

    • memory/4636-203-0x00000000026F0000-0x0000000002B63000-memory.dmp

      Filesize

      4.4MB

      Download