Analysis
- max time kernel: 138s
- max time network: 157s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 27-01-2024 14:19
Static task
- static1

Behavioral tasks (task: sample, resource)
- behavioral1: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe, win7-20231215-en
- behavioral2: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/DanaBot.exe, win10v2004-20231215-en
- behavioral3: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.exe, win7-20231215-en
- behavioral4: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/Dridex.JhiSharp.dll.exe, win10v2004-20231215-en
- behavioral5: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.exe, win7-20231215-en
- behavioral6: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexDroppedVBS.exe, win10v2004-20231222-en
- behavioral7: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe, win7-20231215-en
- behavioral8: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/DridexLoader.bin.exe, win10v2004-20231222-en
- behavioral9: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe, win7-20231215-en
- behavioral10: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe, win10v2004-20231215-en
- behavioral11: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe, win7-20231129-en
- behavioral12: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe, win10v2004-20231215-en
- behavioral13: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dll, win7-20231215-en
- behavioral14: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.dll, win10v2004-20231215-en
- behavioral15: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm, win7-20231215-en
- behavioral16: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Zloader.xlsm, win10v2004-20231215-en
- behavioral17: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/001eb377f0452060012124cb214f658754, ubuntu1804-amd64-20231215-en
- behavioral18: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/041bc20ca8ac3161098cbc976e67e3c0f1, ubuntu1804-amd64-20231222-en
- behavioral19: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/0ab8836efcaa62c7daac314e0b7ab16793, ubuntu1804-amd64-20231221-en
- behavioral20: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/103b8404dc64c9a44511675981a09fd013, ubuntu1804-amd64-20231215-en
- behavioral21: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/2378e76aba1ad6e0c937fb39989217bf0d, ubuntu1804-amd64-20231222-en
- behavioral22: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/30c150419000d27dafcd5d00702411b2b2, ubuntu1804-amd64-20231215-en
- behavioral23: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/3205603282a636979a55aa1e1be518cd3a, ubuntu1804-amd64-20231221-en
- behavioral24: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/453468b86856665f2cc0e0e71668c0b6aa, ubuntu1804-amd64-20231215-en
- behavioral25: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/5fb29fb0136978b9ccf60750af09cec74a, ubuntu1804-amd64-20231215-en
- behavioral26: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/6fe6808b9cfe654f526108ec61cb5211bb, ubuntu1804-amd64-20231221-en
- behavioral27: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/7745b070943e910e8807e3521ac7b7a014, ubuntu1804-amd64-20231222-en
- behavioral28: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/7f18e5b5b7645a80a0d44adf3fecdafcbf, ubuntu1804-amd64-20231215-en
- behavioral29: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/90b61cc77bb2d726219fd00ae2d0ecdf6f, ubuntu1804-amd64-20231215-en
- behavioral30: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/9384b9e39334479194aacb53cb25ace289, ubuntu1804-amd64-20231215-en
- behavioral31: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/985ffee662969825146d1b465d068ea4f5, ubuntu1804-amd64-20231221-en
- behavioral32: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Botnets/FritzFrog/d1e82d4a37959a9e6b661e31b8c8c6d281, ubuntu1804-amd64-20231222-en
General
- Target: The-MALWARE-Repo-master/The-MALWARE-Repo-master/Banking-Malware/Dridex/Trojan.Dridex.A.exe
- Size: 152KB
- MD5: 6164228ed2cc0eceba9ce1828d87d827
- SHA1: cea5bc473c948a78ce565b6e195e6e25f029c0c6
- SHA256: 7fa83f0588f0f50d0635313918137c05cb59aa672d842f864073aebb72c66195
- SHA512: b53ac27397ce5453fa008d1a2e98f9f66be7d7f08375b92c88007544c09ab844d6c8eeceb2221c988e0a0d6ffc2a8a290e49715e3062a74bcd2310d41bffcc37
- SSDEEP: 3072:VqD/ri6AM4odK4J663POAQgG8rYKvh+5Nl:V0xlIBwPOA+8Zhu
Malware Config
Signatures
- Deletes itself (1 IoC)
  Processes (pid, process): 1248 svchost.exe
- Discovers systems in the same network (1 TTP, 1 IoC)
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  Processes (pid, process): 2616 Trojan.Dridex.A.exe (x4); 1248 svchost.exe (x4)
- Suspicious use of AdjustPrivilegeToken (28 IoCs)
  Processes (description, pid, process): Token: SeRestorePrivilege, 2616 Trojan.Dridex.A.exe (x1); Token: SeDebugPrivilege, 2036 whoami.exe (x27)
- Suspicious use of WriteProcessMemory (10 IoCs)
  Processes (description, pid, process, target process): PID 2616 wrote to memory of 1248, Trojan.Dridex.A.exe -> svchost.exe (x4); PID 1248 wrote to memory of 2036, svchost.exe -> whoami.exe (x3); PID 1248 wrote to memory of 2360, svchost.exe -> net.exe (x3)
Processes (tree; each entry gives the image path, the command line, and the PID)
- C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\Dridex\Trojan.Dridex.A.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\Dridex\Trojan.Dridex.A.exe"
  PID: 2616
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\svchost.exe
    Command line: C:\Windows\system32\svchost.exe "C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Banking-Malware\Dridex\Trojan.Dridex.A.exe"
    PID: 1248
    - Deletes itself
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\whoami.exe
      Command line: C:\Windows\system32\whoami.exe /all
      PID: 2036
      - Suspicious use of AdjustPrivilegeToken
    - C:\Windows\SysWOW64\net.exe
      Command line: C:\Windows\system32\net.exe view
      PID: 2360
      - Discovers systems in the same network