Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    08/10/2022, 09:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    01826e8b19fc447d32d514e7f5eb2c612dee8b0ba003775cc8bdaca0b164b1b7.exe

  • Size

    262KB

  • MD5

    13ac95897c8372dfb5ff342f24a94416

  • SHA1

    700be863c4884af851a6b54f3a53b5d11918507c

  • SHA256

    01826e8b19fc447d32d514e7f5eb2c612dee8b0ba003775cc8bdaca0b164b1b7

  • SHA512

    723001f6fd1c8456b0da6b4da46eb4d9b52d8dfa334b14c43900436c001eef6bcef47d20936dfcd1d2ce9c7567c29102ee5a81156eb6474660880113229da58f

  • SSDEEP

    3072:4XhL4AmnrsAIjO+nLCw5ACUe89nl8SJblcVPbmnVnopQfPfkihM/h3qpZa9uD6Vh:Ml4eCUkeAlnl+DmVoafPhrwVfeXO

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443
Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\01826e8b19fc447d32d514e7f5eb2c612dee8b0ba003775cc8bdaca0b164b1b7.exe
    "C:\Users\Admin\AppData\Local\Temp\01826e8b19fc447d32d514e7f5eb2c612dee8b0ba003775cc8bdaca0b164b1b7.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2716
  • C:\Users\Admin\AppData\Local\Temp\FAEF.exe
    C:\Users\Admin\AppData\Local\Temp\FAEF.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:4168
    • C:\Windows\SysWOW64\appidtel.exe
      C:\Windows\system32\appidtel.exe
      2⤵
        PID:4052
      • C:\Windows\syswow64\rundll32.exe
        "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
        2⤵
          PID:3040
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 612
          2⤵
          • Program crash
          PID:4920
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 580
          2⤵
          • Program crash
          PID:1308

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\FAEF.exe
        Filesize

        1.3MB

        MD5

        99384f137f29b4d5ca38008b8ce9f4d5

        SHA1

        3597092049803f96404dffe0b05bad24fca9068f

        SHA256

        8ca8d6a484f396ee840c35ad70cb72dac9762cce907f73dcdb686ae3fdfaebb4

        SHA512

        c8ab34e4d418c50e166e924af9ffbc5fae5d89c36d2827abcfa54a6f279cb851b4bba617715c22e1cef69e47944ffbc927101f1105c3941e4450d0e5e41aafe2

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\FAEF.exe
        Filesize

        1.3MB

        MD5

        99384f137f29b4d5ca38008b8ce9f4d5

        SHA1

        3597092049803f96404dffe0b05bad24fca9068f

        SHA256

        8ca8d6a484f396ee840c35ad70cb72dac9762cce907f73dcdb686ae3fdfaebb4

        SHA512

        c8ab34e4d418c50e166e924af9ffbc5fae5d89c36d2827abcfa54a6f279cb851b4bba617715c22e1cef69e47944ffbc927101f1105c3941e4450d0e5e41aafe2

        Download Submit

      • memory/2716-116-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-117-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-118-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-119-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-120-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-121-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-122-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-123-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-124-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-125-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-126-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-127-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-128-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-129-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-130-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-131-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-132-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-133-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-134-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-136-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-137-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-135-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-138-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-139-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-140-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-141-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-142-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-143-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-144-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-145-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-146-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-148-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-147-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2716-149-0x000000000074A000-0x000000000075B000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2716-150-0x0000000000540000-0x000000000068A000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/2716-151-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/2716-152-0x000000000074A000-0x000000000075B000-memory.dmp

        Filesize

        68KB

        Download

      • memory/2716-153-0x0000000000400000-0x0000000000446000-memory.dmp

        Filesize

        280KB

        Download

      • memory/4052-190-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4052-191-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-156-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-157-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-158-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-159-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-160-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-161-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-162-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-164-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-165-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-166-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-167-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-168-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-169-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-170-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-171-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-172-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-173-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-174-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-175-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-176-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-177-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-178-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-180-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-182-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-181-0x00000000024C0000-0x00000000025EB000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/4168-183-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-184-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-185-0x00000000025F0000-0x00000000028B2000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/4168-186-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-187-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-188-0x0000000077A60000-0x0000000077BEE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/4168-194-0x0000000000400000-0x00000000006CE000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/4168-202-0x00000000024C0000-0x00000000025EB000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/4168-203-0x00000000025F0000-0x00000000028B2000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/4168-204-0x0000000000400000-0x00000000006CE000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/4168-207-0x0000000000400000-0x00000000006CE000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/4168-219-0x0000000000400000-0x00000000006CE000-memory.dmp

        Filesize

        2.8MB

        Download