

Posted: October 8, 2020

DanDrop is a malware implant whose development and use are attributed to a cybercrime organization operating in the Middle East. DanDrop's creators, known as the Lyceum Advanced Persistent Threat (APT) group, specialize in attacks against companies in the oil, gas and telecommunications sectors. The goal of their operations is to exfiltrate data and credentials from the compromised networks while leaving minimal traces of their activity.

DanDrop Paves the Way for Secondary Payloads

DanDrop appears to be one of the most used first-stage implants of the Lyceum APT. It is usually delivered to the intended target via spear-phishing emails that contain a macro-laced file attachment. The attachment, usually a Microsoft Office document, pretends to be a relevant article or document. Some of the common names that the Lyceum APT hackers use for their decoys are 'The Worst Passwords of 2017' and 'Top 10 Security Practices'. In other cases, the documents had titles written in the native language of the recipient.

The DanDrop Trojan dropper carries its executable payload in an encrypted state. Upon execution, it creates the folder 'PublicPics' in the 'MyDocuments' directory. It then begins decrypting and compiling the payload, which is usually named 'ATrce.exe' and 'ATrce.exe.config'. Finally, it uses a special function to run the executable at a later time.
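The on-disk artifacts described above can be swept for during triage. The following is an added example, not code from the original page: it walks a profile directory or mounted image, flags 'PublicPics' folders, and hashes any 'ATrce.exe' / 'ATrce.exe.config' files found inside. The function names, the confidence grading and the assumption that 'MyDocuments' appears on disk as 'Documents' or 'My Documents' are illustrative.

```python
import hashlib
import os
from pathlib import Path

# Artifact names taken from the description above.
DROP_DIR = "publicpics"
PAYLOAD_NAMES = {"atrce.exe", "atrce.exe.config"}
# Assumption: the 'MyDocuments' location resolves to one of these folder names on disk.
DOCUMENT_DIRS = {"documents", "my documents"}


def sha256_of(path):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_dandrop_artifacts(root):
    """Walk root (a profile directory or mounted image) and report PublicPics folders."""
    findings = []
    for current, dirnames, _ in os.walk(root, onerror=lambda err: None):
        for name in dirnames:
            if name.lower() != DROP_DIR:  # Windows paths are case-insensitive
                continue
            folder = Path(current) / name
            payloads = {}
            for entry in sorted(folder.iterdir()):
                if entry.is_file() and entry.name.lower() in PAYLOAD_NAMES:
                    payloads[entry.name] = sha256_of(entry)
            in_documents = Path(current).name.lower() in DOCUMENT_DIRS
            # A bare folder name is weak evidence; location plus payload names is strong.
            if payloads and in_documents:
                confidence = "high"
            elif payloads or in_documents:
                confidence = "medium"
            else:
                confidence = "low"
            findings.append({"folder": str(folder), "payloads": payloads,
                             "confidence": confidence})
    return findings


if __name__ == "__main__":
    for hit in find_dandrop_artifacts(os.path.expanduser("~")):
        print(hit["confidence"], hit["folder"], hit["payloads"])
```

A 'high' hit gives a folder path and SHA-256 values that can be checked against threat-intelligence sources; 'low' and 'medium' hits need manual review because 'PublicPics' is a plausible benign folder name.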

Mitigating threats like DanDrop can be accomplished with the use of a reliable anti-virus tool, as well as safe Web browsing guidance for all users.
