Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    21-12-2022 07:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a188a7591b9d41088a8fa766bd9941ad91c75b0e9e7a17a495dfdc215caa1962.exe

  • Size

    220KB

  • MD5

    276e04678fa2905941b386c8bac0cd9d

  • SHA1

    1a9dfd3e3a31e05fddf6029ffb7a8812a27de5da

  • SHA256

    a188a7591b9d41088a8fa766bd9941ad91c75b0e9e7a17a495dfdc215caa1962

  • SHA512

    de28819226f7aa7650d20d6983df4df437bd4c56ba570378c6c27fb8e1d43ce8e225532675e58743fb520f5231a15b6f13bb4d3bda73f037c0aa89cff7729df7

  • SSDEEP

    3072:nYtA0Lv4t15nTYb9FUG444voX8PHtHMD9V+UzKKjphlji7b/PnOoYNHCDml:YHLv4sqw8ftHkUUzKKFW3nqCa

Score
10/10
danabotbankertrojan

Malware Config

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot
  • Blocklisted process makes network request 3 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 1 IoCs
  • Deletes itself 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 19 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 36 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 18 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a188a7591b9d41088a8fa766bd9941ad91c75b0e9e7a17a495dfdc215caa1962.exe
    "C:\Users\Admin\AppData\Local\Temp\a188a7591b9d41088a8fa766bd9941ad91c75b0e9e7a17a495dfdc215caa1962.exe"
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: MapViewOfSection
    PID:5112
  • C:\Users\Admin\AppData\Local\Temp\FFB2.exe
    C:\Users\Admin\AppData\Local\Temp\FFB2.exe
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:4756
    • C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Users\Admin\AppData\Local\Temp\Qsedeqtedeooeo.tmp",Wufaiiuuye
      2⤵
      • Blocklisted process makes network request
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Checks processor information in registry
      • Suspicious use of WriteProcessMemory
      PID:4240
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\shell32.dll",#61 14138
        3⤵
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        PID:5012
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:804

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Modify Registry

    1
    T1112

    Credential Access

    Discovery

    System Information Discovery

    3
    T1082

    Query Registry

    2
    T1012

    Peripheral Device Discovery

    1
    T1120

    Lateral Movement

    Collection

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\FFB2.exe
      Filesize

      1.1MB

      MD5

      5da677383072aa1b16364c5d580414f2

      SHA1

      4e9cc6e2e72453eac12712f5306595ba4d1f4e43

      SHA256

      58a00d29777fea23590c05479d84bdc35fe11c71a630cff6a7de868e6464248e

      SHA512

      ba70922a2352e3443fc24d695e9fafe1f63a495fffcc060c3ce320c544aa2228ec101a7970ab4c3580339b3e3815a88dce7a017e84416b1f86bdf75ce4482b76

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\FFB2.exe
      Filesize

      1.1MB

      MD5

      5da677383072aa1b16364c5d580414f2

      SHA1

      4e9cc6e2e72453eac12712f5306595ba4d1f4e43

      SHA256

      58a00d29777fea23590c05479d84bdc35fe11c71a630cff6a7de868e6464248e

      SHA512

      ba70922a2352e3443fc24d695e9fafe1f63a495fffcc060c3ce320c544aa2228ec101a7970ab4c3580339b3e3815a88dce7a017e84416b1f86bdf75ce4482b76

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\Qsedeqtedeooeo.tmp
      Filesize

      797KB

      MD5

      24925b25552a7d8f1d3292071e545920

      SHA1

      f786e1d40df30f6fed0301d60c823b655f2d6eac

      SHA256

      9931503a3ab908d2840dae6a7cb77a5abc5e77cc67af405d1329b7dfc3fe800b

      SHA512

      242dbf94b06e67fdf0aac29b2f38ce4929d156c42e2413565f203cda1fdb6458e34b26eeb0151fe4f1914432be28b16d648affa63f20c7b480c54e2d9360fb26

      Download Submit
    • \Users\Admin\AppData\Local\Temp\Qsedeqtedeooeo.tmp
      Filesize

      797KB

      MD5

      24925b25552a7d8f1d3292071e545920

      SHA1

      f786e1d40df30f6fed0301d60c823b655f2d6eac

      SHA256

      9931503a3ab908d2840dae6a7cb77a5abc5e77cc67af405d1329b7dfc3fe800b

      SHA512

      242dbf94b06e67fdf0aac29b2f38ce4929d156c42e2413565f203cda1fdb6458e34b26eeb0151fe4f1914432be28b16d648affa63f20c7b480c54e2d9360fb26

      Download Submit
    • memory/4240-325-0x0000000006640000-0x0000000006D65000-memory.dmp
      Filesize

      7.1MB

      Download
    • memory/4240-322-0x00000000062D9000-0x00000000062DB000-memory.dmp
      Filesize

      8KB

      Download
    • memory/4240-308-0x0000000006640000-0x0000000006D65000-memory.dmp
      Filesize

      7.1MB

      Download
    • memory/4240-206-0x0000000000000000-mapping.dmp
      Download
    • memory/4756-186-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-180-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-170-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-165-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-166-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-164-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-209-0x0000000000400000-0x0000000000540000-memory.dmp
      Filesize

      1.2MB

      Download
    • memory/4756-194-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-193-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-192-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-191-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-190-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-189-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-188-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-187-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-184-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-185-0x0000000000400000-0x0000000000540000-memory.dmp
      Filesize

      1.2MB

      Download
    • memory/4756-183-0x00000000022D0000-0x0000000002400000-memory.dmp
      Filesize

      1.2MB

      Download
    • memory/4756-182-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-195-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-181-0x0000000000840000-0x0000000000930000-memory.dmp
      Filesize

      960KB

      Download
    • memory/4756-179-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-178-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-177-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-176-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-169-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-175-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-174-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-173-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-172-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-158-0x0000000000000000-mapping.dmp
      Download
    • memory/4756-171-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-160-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-161-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-162-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/4756-163-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5012-317-0x00007FF799195FD0-mapping.dmp
      Download
    • memory/5012-323-0x0000000000240000-0x0000000000459000-memory.dmp
      Filesize

      2.1MB

      Download
    • memory/5012-324-0x000002CA9E5F0000-0x000002CA9E81A000-memory.dmp
      Filesize

      2.2MB

      Download
    • memory/5112-150-0x0000000000400000-0x0000000000462000-memory.dmp
      Filesize

      392KB

      Download
    • memory/5112-153-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-122-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-128-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-157-0x0000000000400000-0x0000000000462000-memory.dmp
      Filesize

      392KB

      Download
    • memory/5112-156-0x0000000000721000-0x0000000000732000-memory.dmp
      Filesize

      68KB

      Download
    • memory/5112-155-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-154-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-148-0x0000000000470000-0x00000000005BA000-memory.dmp
      Filesize

      1.3MB

      Download
    • memory/5112-152-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-151-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-149-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-129-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-146-0x0000000000721000-0x0000000000732000-memory.dmp
      Filesize

      68KB

      Download
    • memory/5112-147-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-145-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-120-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-144-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-143-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-142-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-141-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-140-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-139-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-138-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-137-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-136-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-127-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-135-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-126-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-134-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-125-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-124-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-123-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-133-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-132-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-131-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-130-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/5112-121-0x0000000077AA0000-0x0000000077C2E000-memory.dmp
      Filesize

      1.6MB

      Download