Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    09-10-2022 18:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d862c236bceec83922b1179e7b38ad89dc29d55b478d031e17c1d5a01f55874.exe

  • Size

    269KB

  • MD5

    afa77851dfa878fa82de8dfd4184be3f

  • SHA1

    17fae8932cf8c98512c5895b2628820dd5e21395

  • SHA256

    5d862c236bceec83922b1179e7b38ad89dc29d55b478d031e17c1d5a01f55874

  • SHA512

    7b8c14c10585fd66e7bd174906cdfff5581b548e2df9832fcf60863e33083fbb971b844830f1c5155bff70dd10a4063c16bb79eea5cfbb097b34b41d184f58db

  • SSDEEP

    3072:+jXJH+hH7+5Pc6vFv5sb1sCVdHNMTj4lb/JP31HOMmBM/h3qpZa9uD6VdyhkhUux:+bRY76FmRsCVdHNQj4rJ4MmBrwVfquS

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d862c236bceec83922b1179e7b38ad89dc29d55b478d031e17c1d5a01f55874.exe
    "C:\Users\Admin\AppData\Local\Temp\5d862c236bceec83922b1179e7b38ad89dc29d55b478d031e17c1d5a01f55874.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2748
  • C:\Users\Admin\AppData\Local\Temp\2F0F.exe
    C:\Users\Admin\AppData\Local\Temp\2F0F.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:4460
    • C:\Windows\SysWOW64\appidtel.exe
      C:\Windows\system32\appidtel.exe
      2⤵
        PID:3804

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\2F0F.exe
      Filesize

      1.3MB

      MD5

      37fd0e3db49a2d9e870a2db891467670

      SHA1

      704397d4906d5835bc9d0d0bfada4f609ebbde17

      SHA256

      3a792be363e901365583a6b68b8f13c8ea2c67a70a086bba2e9a383f887b1e28

      SHA512

      bdce3ff1b3778a838ec926c00d092b1b7020ed6964b2df8d30e2e761264f858385caf0f5ecbb92ae921b18a4abe6610ad30f3ac39bf2810f17035d45665d090d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\2F0F.exe
      Filesize

      1.3MB

      MD5

      37fd0e3db49a2d9e870a2db891467670

      SHA1

      704397d4906d5835bc9d0d0bfada4f609ebbde17

      SHA256

      3a792be363e901365583a6b68b8f13c8ea2c67a70a086bba2e9a383f887b1e28

      SHA512

      bdce3ff1b3778a838ec926c00d092b1b7020ed6964b2df8d30e2e761264f858385caf0f5ecbb92ae921b18a4abe6610ad30f3ac39bf2810f17035d45665d090d

      Download Submit

    • memory/2748-120-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-121-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-122-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-123-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-124-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-125-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-126-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-127-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-128-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-129-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-130-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-131-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-132-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-133-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-134-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-136-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-137-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-138-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-135-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-139-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-140-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-141-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-142-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-143-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-144-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-145-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-146-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-147-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-148-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-149-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-150-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-151-0x00000000007EA000-0x00000000007FA000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2748-152-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-153-0x00000000005D0000-0x00000000005D9000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2748-154-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2748-155-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB

      Download

    • memory/2748-156-0x00000000007EA000-0x00000000007FA000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2748-157-0x0000000000400000-0x0000000000447000-memory.dmp

      Filesize

      284KB

      Download

    • memory/3804-194-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3804-195-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-160-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-162-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-161-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-163-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-164-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-165-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-166-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-168-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-169-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-170-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-171-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-172-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-173-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-174-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-176-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-177-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-178-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-179-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-180-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-175-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-181-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-182-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-184-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-185-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-186-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-188-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-190-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-189-0x00000000025C0000-0x0000000002882000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4460-191-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-192-0x0000000077660000-0x00000000777EE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4460-187-0x00000000023D0000-0x00000000024FC000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4460-198-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4460-206-0x00000000023D0000-0x00000000024FC000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4460-207-0x00000000025C0000-0x0000000002882000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4460-208-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4460-210-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4460-211-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download