General

  • Target

    e017dd97109b67d634e66b76676a1e840612418cfa45ed5bbee319871911f197

  • Size

    5.6MB

  • Sample

    221217-hfyttsgc46

  • MD5

    f531ce7ae00aa330d78a225784ed8547

  • SHA1

    d852cddba6d1f2617ebb7dd95d1ad6ab20c64e70

  • SHA256

    e017dd97109b67d634e66b76676a1e840612418cfa45ed5bbee319871911f197

  • SHA512

    f1ca41143adde44c849dc62718cfa928f1d17924d1885fe812fd38e19cd204702521f20fa5d7a81075839b48638d9c248a4c1c1c9f88822fd7c31043e7f6452e

  • SSDEEP

    98304:BafJVPlzBtcmiTb1qbLlGLHVN+AKjhQ5n3Y3LXb6Pkl9zSCFIX+33MLQ:BafrlDGTgbLYzVNCGn3Y7X2Py6y3M

Score
10/10

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
