Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12/10/2022, 11:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3cc059f1b24d12f7b80420e603fd1ebf96f42fe2f4e6258d6db2c243b89d2c29.exe

  • Size

    295KB

  • MD5

    a1ba4e09726e081a6ec2a809cfbb9e4a

  • SHA1

    826b76447e9ed29cbdf2f7235e03262a468c41a0

  • SHA256

    3cc059f1b24d12f7b80420e603fd1ebf96f42fe2f4e6258d6db2c243b89d2c29

  • SHA512

    83792cfe26c719834f9f13af6ca2ae90bfbf1fb9c604e3321b8737a7408d83dc128c0b002b74f7615bfee5a8f0b960c1ecccb354e1f82e2a6f2a1c77d3a5c919

  • SSDEEP

    6144:S5COjHJSNXbrG5qVSFqyW9G4xceigavwVfC:SjjoVbrFV3y0JcTZ

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443
Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3cc059f1b24d12f7b80420e603fd1ebf96f42fe2f4e6258d6db2c243b89d2c29.exe
    "C:\Users\Admin\AppData\Local\Temp\3cc059f1b24d12f7b80420e603fd1ebf96f42fe2f4e6258d6db2c243b89d2c29.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2696
  • C:\Users\Admin\AppData\Local\Temp\4D07.exe
    C:\Users\Admin\AppData\Local\Temp\4D07.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:3416
    • C:\Windows\SysWOW64\appidtel.exe
      C:\Windows\system32\appidtel.exe
      2⤵
        PID:3668
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 620
        2⤵
        • Program crash
        PID:3484
      • C:\Windows\syswow64\rundll32.exe
        "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
        2⤵
          PID:1600
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 592
          2⤵
          • Program crash
          PID:4100

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\4D07.exe
        Filesize

        1.3MB

        MD5

        6a1f168b1e392b432135c181515d493c

        SHA1

        f7538296961d01ee93158bca2c50eb804c5544c8

        SHA256

        8e2eb8d5fd30baf39cdc6a7fadc7651a90bdee0ab9176af839294cec61c31c3b

        SHA512

        a0aec30d05861acbbedd99d7036533cdd48521d48692281b694718ebe84fd37d587833a96315bc54b9568645ebc24ce8ee0d2b78cc51b9d3ae3c3e3a284d1c1a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\4D07.exe
        Filesize

        1.3MB

        MD5

        6a1f168b1e392b432135c181515d493c

        SHA1

        f7538296961d01ee93158bca2c50eb804c5544c8

        SHA256

        8e2eb8d5fd30baf39cdc6a7fadc7651a90bdee0ab9176af839294cec61c31c3b

        SHA512

        a0aec30d05861acbbedd99d7036533cdd48521d48692281b694718ebe84fd37d587833a96315bc54b9568645ebc24ce8ee0d2b78cc51b9d3ae3c3e3a284d1c1a

        Download Submit

      • memory/2696-157-0x0000000000400000-0x000000000044F000-memory.dmp

        Filesize

        316KB

        Download

      • memory/2696-120-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-123-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-124-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-125-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-126-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-127-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-128-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-129-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-130-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-131-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-132-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-121-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-134-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-135-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-136-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-137-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-138-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-139-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-140-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-141-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-142-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-144-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-145-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-146-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-147-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-148-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-149-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-151-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-150-0x0000000000450000-0x000000000059A000-memory.dmp

        Filesize

        1.3MB

        Download

      • memory/2696-153-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-155-0x0000000000400000-0x000000000044F000-memory.dmp

        Filesize

        316KB

        Download

      • memory/2696-154-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-152-0x00000000001D0000-0x00000000001D9000-memory.dmp

        Filesize

        36KB

        Download

      • memory/2696-156-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-119-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-133-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2696-122-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-176-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-182-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-162-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-163-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-164-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-165-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-166-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-168-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-169-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-181-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-171-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-172-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-173-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-174-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-160-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-178-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-175-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-170-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-161-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-177-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-180-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-179-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-183-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-184-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-186-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-187-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-188-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-189-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-190-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-191-0x0000000077840000-0x00000000779CE000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3416-223-0x0000000000400000-0x00000000006CE000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/3416-204-0x0000000002470000-0x0000000002598000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3416-205-0x00000000025A0000-0x0000000002862000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/3416-206-0x0000000000400000-0x00000000006CE000-memory.dmp

        Filesize

        2.8MB

        Download

      • memory/3416-207-0x0000000002470000-0x0000000002598000-memory.dmp

        Filesize

        1.2MB

        Download

      • memory/3416-220-0x0000000000400000-0x00000000006CE000-memory.dmp

        Filesize

        2.8MB

        Download