Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    17/10/2022, 17:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b154251b524721e5bbd59b830e76e4cb7c8e20c0555c2d1d4092c7c970a4a879.exe

  • Size

    216KB

  • MD5

    4ae89242ec0cfd7252d7d2b2def33e53

  • SHA1

    2699edbdfac71959cd2b76b78ad4d0e851bdc418

  • SHA256

    b154251b524721e5bbd59b830e76e4cb7c8e20c0555c2d1d4092c7c970a4a879

  • SHA512

    6c304ccaa39eb7d7a71169dab94fe913a67ea4afaa36ed8cf47847ae81184babf4ad15c65658456a2c176b9f47231a6d47c57498f98560368f666108f2e2e4f9

  • SSDEEP

    3072:GRAZfSxKeEYzwK9CJLtEkYaiEMCZBkboMQ/bMpkor03pp:GGZY5zlILtXYaEoMYbVog3p

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443
Attributes
  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Detects Smokeloader packer 1 IoCs
  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Program crash 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs
  • Suspicious use of WriteProcessMemory 25 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b154251b524721e5bbd59b830e76e4cb7c8e20c0555c2d1d4092c7c970a4a879.exe
    "C:\Users\Admin\AppData\Local\Temp\b154251b524721e5bbd59b830e76e4cb7c8e20c0555c2d1d4092c7c970a4a879.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:4324
  • C:\Users\Admin\AppData\Local\Temp\F6C8.exe
    C:\Users\Admin\AppData\Local\Temp\F6C8.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:3784
    • C:\Windows\SysWOW64\appidtel.exe
      C:\Windows\system32\appidtel.exe
      2⤵
        PID:3056
      • C:\Windows\syswow64\rundll32.exe
        "C:\Windows\syswow64\rundll32.exe" "C:\Windows\syswow64\shell32.dll",#61
        2⤵
          PID:4272
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 604
          2⤵
          • Program crash
          PID:4296
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 608
          2⤵
          • Program crash
          PID:3580

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\F6C8.exe
              Filesize

              1.3MB

              MD5

              4301b70694aa61bc7bd67e4abdd2d701

              SHA1

              d5a591abb49bd6770ce778b852f17f64d7d2a827

              SHA256

              c2c61cdd983e97eccc60d93ce4d30c9acba5fcd02c99f9378d374bb2eb64193c

              SHA512

              a5136cc158db7fe7e4bb2028d929e2aec0c65cee07c457bc01c38e774e3cf8b363237e5c61f670f32f335881eea835c96e66abffe10f5021b2ec2972dbc75726

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\F6C8.exe
              Filesize

              1.3MB

              MD5

              4301b70694aa61bc7bd67e4abdd2d701

              SHA1

              d5a591abb49bd6770ce778b852f17f64d7d2a827

              SHA256

              c2c61cdd983e97eccc60d93ce4d30c9acba5fcd02c99f9378d374bb2eb64193c

              SHA512

              a5136cc158db7fe7e4bb2028d929e2aec0c65cee07c457bc01c38e774e3cf8b363237e5c61f670f32f335881eea835c96e66abffe10f5021b2ec2972dbc75726

              Download Submit

            • memory/3056-193-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3056-192-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-177-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-180-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-223-0x0000000000400000-0x00000000006CE000-memory.dmp

              Filesize

              2.8MB

              Download

            • memory/3784-207-0x0000000000400000-0x00000000006CE000-memory.dmp

              Filesize

              2.8MB

              Download

            • memory/3784-205-0x0000000000400000-0x00000000006CE000-memory.dmp

              Filesize

              2.8MB

              Download

            • memory/3784-204-0x00000000023E0000-0x00000000026A2000-memory.dmp

              Filesize

              2.8MB

              Download

            • memory/3784-196-0x0000000000400000-0x00000000006CE000-memory.dmp

              Filesize

              2.8MB

              Download

            • memory/3784-190-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-188-0x00000000023E0000-0x00000000026A2000-memory.dmp

              Filesize

              2.8MB

              Download

            • memory/3784-189-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-160-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-187-0x00000000008B0000-0x00000000009D3000-memory.dmp

              Filesize

              1.1MB

              Download

            • memory/3784-186-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-185-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-184-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-183-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-182-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-181-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-179-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-178-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-176-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-175-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-174-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-173-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-172-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-161-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-170-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-169-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-168-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-167-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-164-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-163-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-158-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-162-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-159-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/3784-171-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-124-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-151-0x00000000005F0000-0x00000000005F9000-memory.dmp

              Filesize

              36KB

              Download

            • memory/4324-155-0x0000000000400000-0x0000000000593000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-154-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-122-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-140-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-152-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-153-0x0000000000400000-0x0000000000593000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-141-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-150-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-148-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-147-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-146-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-145-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-144-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-118-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-143-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-134-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-123-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-142-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-149-0x0000000000640000-0x000000000078A000-memory.dmp

              Filesize

              1.3MB

              Download

            • memory/4324-139-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-138-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-137-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-136-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-135-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-133-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-132-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-131-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-121-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-120-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-119-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-130-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-129-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-128-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-127-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download

            • memory/4324-126-0x00000000776D0000-0x000000007785E000-memory.dmp

              Filesize

              1.6MB

              Download