Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    14-10-2022 13:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a313ba86e10a0740312fe203d5ae61fd6000b6639dc4c976d62050fe81aa3962.exe

  • Size

    232KB

  • MD5

    78484b4b3be56f7d6ec26219a7b262b7

  • SHA1

    5d5c43764824f120e2770bf3e483d360e8fe6c83

  • SHA256

    a313ba86e10a0740312fe203d5ae61fd6000b6639dc4c976d62050fe81aa3962

  • SHA512

    a48f548d612de3b620b181f65d89074469e864e3591956e2163309f343f0371626bee3eb4f7df840caa9eb94eed29697eb45b8de4c6a5638a551708e3e91a145

  • SSDEEP

    3072:YXN+ENpaLx86Rx1s57bmGqCLdzchI9Etx9eii0K6RzgORP2RITih:s1papL1ubmG2tx9Di0lZgORPsITih

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a313ba86e10a0740312fe203d5ae61fd6000b6639dc4c976d62050fe81aa3962.exe
    "C:\Users\Admin\AppData\Local\Temp\a313ba86e10a0740312fe203d5ae61fd6000b6639dc4c976d62050fe81aa3962.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:2744
  • C:\Users\Admin\AppData\Local\Temp\6467.exe
    C:\Users\Admin\AppData\Local\Temp\6467.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:4884
    • C:\Windows\SysWOW64\appidtel.exe
      C:\Windows\system32\appidtel.exe
      2⤵
        PID:784

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\6467.exe
      Filesize

      1.3MB

      MD5

      03046560856663d2f9ddc4a48f976f03

      SHA1

      399a60dd4b2456fd4dbce8acf0f49841256fdd25

      SHA256

      dd19087cd85b24b84525e1082be97a154a2aacff498b86c2f461cd7e92a8b148

      SHA512

      a3e631ff11813cd7ce3116b3730e18f9d4afb3b06db796ee5b78f1bd37d292e0db8ca1245333adc49fbca47f1f8b955ca10b735d5c90e797634090d1bee28446

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\6467.exe
      Filesize

      1.3MB

      MD5

      03046560856663d2f9ddc4a48f976f03

      SHA1

      399a60dd4b2456fd4dbce8acf0f49841256fdd25

      SHA256

      dd19087cd85b24b84525e1082be97a154a2aacff498b86c2f461cd7e92a8b148

      SHA512

      a3e631ff11813cd7ce3116b3730e18f9d4afb3b06db796ee5b78f1bd37d292e0db8ca1245333adc49fbca47f1f8b955ca10b735d5c90e797634090d1bee28446

      Download Submit

    • memory/2108-192-0x0000000001600000-0x0000000001610000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-277-0x0000000005150000-0x0000000005160000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-191-0x0000000001600000-0x0000000001610000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-190-0x00000000015E0000-0x00000000015F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-276-0x0000000005150000-0x0000000005160000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-275-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-252-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-251-0x0000000001590000-0x00000000015A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-280-0x0000000005150000-0x0000000005160000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-224-0x0000000001600000-0x0000000001610000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-223-0x0000000001600000-0x0000000001610000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-222-0x0000000001600000-0x0000000001610000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-281-0x0000000005150000-0x0000000005160000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-282-0x0000000005150000-0x0000000005160000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-193-0x0000000001600000-0x0000000001610000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-163-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-278-0x0000000005150000-0x0000000005160000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-189-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-279-0x0000000005150000-0x0000000005160000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-188-0x0000000001590000-0x00000000015A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-187-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-186-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-185-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-184-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-181-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-180-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-179-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-178-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-177-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-174-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-171-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-170-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-169-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-168-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-166-0x00000000015D0000-0x00000000015E0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2108-161-0x0000000001590000-0x00000000015A0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2744-145-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-139-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-157-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-156-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-155-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2744-154-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-153-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-152-0x0000000000590000-0x0000000000599000-memory.dmp

      Filesize

      36KB

      Download

    • memory/2744-151-0x0000000000440000-0x00000000004EE000-memory.dmp

      Filesize

      696KB

      Download

    • memory/2744-150-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-149-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-148-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-147-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-146-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-120-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-143-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-142-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-141-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-140-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-134-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-138-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-137-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-121-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-136-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-123-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-122-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-124-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-125-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-126-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-158-0x0000000000400000-0x000000000043F000-memory.dmp

      Filesize

      252KB

      Download

    • memory/2744-127-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-135-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-128-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-130-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-129-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-131-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-132-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2744-133-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-201-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-209-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-208-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-207-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-234-0x0000000002410000-0x0000000002537000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4884-237-0x00000000025A0000-0x0000000002862000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4884-238-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4884-246-0x0000000002410000-0x0000000002537000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4884-247-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4884-206-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-205-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-204-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-202-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-200-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-199-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-197-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-198-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-196-0x0000000076F80000-0x000000007710E000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4884-284-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4884-285-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download