Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    16/10/2022, 23:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    257e71c8e07e82c77729146af5daaf4109bd1103f7b7f92c81e2e4da13c7c1ed.exe

  • Size

    224KB

  • MD5

    92bfa613bf98162934c2da1e48fe2de6

  • SHA1

    96ffc8fd008aaa0bc82a2ffa3bfd7a1ce4e9a567

  • SHA256

    257e71c8e07e82c77729146af5daaf4109bd1103f7b7f92c81e2e4da13c7c1ed

  • SHA512

    d8c6814fc515d5eda3a78a1ed6a4bba21e0f35b8664bc9660f5fc698ce299a3af1c623bf4ff74e9932bbed50eeea4a743093be60027b223202fc890a0e874f81

  • SSDEEP

    3072:VBXp+QH4L/nAAVLXe5Y9WU/dwwnJb2nEKGORIEn0KKPYzRj+UuS:LXH4LbLZ9oa/sn0JYNjHuS

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Detects Smokeloader packer 2 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\257e71c8e07e82c77729146af5daaf4109bd1103f7b7f92c81e2e4da13c7c1ed.exe
    "C:\Users\Admin\AppData\Local\Temp\257e71c8e07e82c77729146af5daaf4109bd1103f7b7f92c81e2e4da13c7c1ed.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:1896
  • C:\Users\Admin\AppData\Local\Temp\1F7E.exe
    C:\Users\Admin\AppData\Local\Temp\1F7E.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:3752
    • C:\Windows\SysWOW64\appidtel.exe
      C:\Windows\system32\appidtel.exe
      2⤵
        PID:4304

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\1F7E.exe
      Filesize

      1.3MB

      MD5

      7837c53afd10e26db4ef76f982476367

      SHA1

      bcac84b0acec9d65b687779ac959fe88dafbeded

      SHA256

      2df85ca6a0aa644f1c5f4d66f16a40123164230ef631848c8db07733214446b5

      SHA512

      ca6f597a60105dd09bef918c4026c586c1380f9457d5a51febfa6452b2c6793b9bcbc90c3548535337e8071235025bf6a2f2361bf2e1f63182072d96302b97ec

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\1F7E.exe
      Filesize

      1.3MB

      MD5

      7837c53afd10e26db4ef76f982476367

      SHA1

      bcac84b0acec9d65b687779ac959fe88dafbeded

      SHA256

      2df85ca6a0aa644f1c5f4d66f16a40123164230ef631848c8db07733214446b5

      SHA512

      ca6f597a60105dd09bef918c4026c586c1380f9457d5a51febfa6452b2c6793b9bcbc90c3548535337e8071235025bf6a2f2361bf2e1f63182072d96302b97ec

      Download Submit

    • memory/1896-120-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-121-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-122-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-123-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-124-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-125-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-126-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-128-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-129-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-130-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-131-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-132-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-133-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-134-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-135-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-136-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-138-0x00000000004C0000-0x000000000056E000-memory.dmp

      Filesize

      696KB

      Download

    • memory/1896-137-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-139-0x0000000000490000-0x0000000000499000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1896-140-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-141-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-142-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-143-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-144-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-145-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-146-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-147-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-148-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-150-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1896-149-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-151-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-152-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-153-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-154-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-155-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-156-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/1896-157-0x0000000000400000-0x000000000043C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1896-158-0x0000000000490000-0x0000000000499000-memory.dmp

      Filesize

      36KB

      Download

    • memory/3752-162-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-161-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-163-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-164-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-165-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-166-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-167-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-170-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-171-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-172-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-173-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-174-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-175-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-176-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-178-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-177-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-179-0x0000000000970000-0x0000000000A9B000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3752-181-0x00000000024F0000-0x00000000027B2000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/3752-183-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-184-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-185-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-186-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-187-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-189-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-190-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-191-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-193-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-192-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-188-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-180-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-182-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/3752-199-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/3752-207-0x0000000000970000-0x0000000000A9B000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3752-208-0x00000000024F0000-0x00000000027B2000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/3752-209-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/3752-211-0x0000000000400000-0x00000000006CE000-memory.dmp

      Filesize

      2.8MB

      Download

    • memory/4304-196-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4304-195-0x0000000077250000-0x00000000773DE000-memory.dmp

      Filesize

      1.6MB

      Download