Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee4a5edf71fdd7e60e4fc6bc05bcadb0ab766c9b7b514804afac9deb5ebed9c3

  • Size

    259KB

  • Sample

    221027-r9kczacea4

  • MD5

    b15f6a5eecb7b2d94fa5880f72f9f625

  • SHA1

    1add1a0163c61d5b32969edc899e6799f78e85f8

  • SHA256

    ee4a5edf71fdd7e60e4fc6bc05bcadb0ab766c9b7b514804afac9deb5ebed9c3

  • SHA512

    b8aee7b297499910701155f7b959c6fa36eeabffefd8ef243bca0fbfde99dff653176b45337a1e4050da298e51c67dc6287ebeae38c6007d6fa84b54e6339cbd

  • SSDEEP

    3072:SXKjOcb00D0BTKXvh45z8KxfTe+mEewEYx3Fyb34k8i7irn+6cp40Ko:SzsRuTKXv4bqE1ssiWSe0T

Score
10/10
danabotbankertrojan

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    BBBB0DB8CB7E6D152424535822E445A7

  • type

    loader

Targets

    • Target

      ee4a5edf71fdd7e60e4fc6bc05bcadb0ab766c9b7b514804afac9deb5ebed9c3

    • Size

      259KB

    • MD5

      b15f6a5eecb7b2d94fa5880f72f9f625

    • SHA1

      1add1a0163c61d5b32969edc899e6799f78e85f8

    • SHA256

      ee4a5edf71fdd7e60e4fc6bc05bcadb0ab766c9b7b514804afac9deb5ebed9c3

    • SHA512

      b8aee7b297499910701155f7b959c6fa36eeabffefd8ef243bca0fbfde99dff653176b45337a1e4050da298e51c67dc6287ebeae38c6007d6fa84b54e6339cbd

    • SSDEEP

      3072:SXKjOcb00D0BTKXvh45z8KxfTe+mEewEYx3Fyb34k8i7irn+6cp40Ko:SzsRuTKXv4bqE1ssiWSe0T

    Score
    10/10
    danabotbankertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks