cf10cad3b15bac59bdf48a71791d3affd9f13606e8bcc.exe

General

Target: cf10cad3b15bac59bdf48a71791d3affd9f13606e8bcc.exe
Size: 294KB
Sample: 220107-3jaavscfh6
Score: 10/10
MD5: 9f8c223419e4ca39e46ed2da0805f9a0
SHA1: 713be358293818902836f426404830c5f49a8a54
SHA256: cf10cad3b15bac59bdf48a71791d3affd9f13606e8bcc7311756a1309f866e9a
SHA512: 7dc2816b964707659bdee595f627e4e0a2d416fcd93a0bd74091bd3cc17affe55f7efae06deec8a79ab642152523baefb8dd9daddf2541a52f25437c610eea9b

Malware Config

Extracted

Family: smokeloader
Version: 2020
C2:
  http://melchen-testet.at/upload/
  http://zjymf.com/upload/
  http://pbxbmu70275.cn/upload/
  http://mnenenravitsya.ru/upload/
  http://pitersprav.ru/upload/
rc4.i32: (value not shown in this extract)
rc4.i32: (value not shown in this extract)

Extracted

Family: danabot
Botnet: 4
C2:
  192.236.194.72:443
  192.119.110.4:443
Attributes:
  embedded_hash: 422236FD601D11EE82825A484D26DD6F
  type: loader
  rsa_pubkey.plain: (value not shown in this extract)
  rsa_privkey.plain: (value not shown in this extract)
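The extracted configurations above are only useful once their indicators are normalised and matched against telemetry. The following is an added example, not part of the sandbox report: it copies the C2 list and hash triplet from the report, turns the HTTP C2 URLs into a hostname set and the raw Danabot endpoints into (ip, port) pairs, and sweeps a few constructed proxy log lines for them. The proxy log format ("<ts> <client> <method> <target> <status>", with CONNECT targets as host:port) is an assumption made for the example.

```python
"""Added example (not from the report): match the extracted SmokeLoader and
Danabot indicators against constructed proxy log lines and a file digest."""
import hashlib
import ipaddress
from urllib.parse import urlparse

# Indicators copied verbatim from the extracted configs in this report.
SMOKELOADER_C2 = [
    "http://melchen-testet.at/upload/",
    "http://zjymf.com/upload/",
    "http://pbxbmu70275.cn/upload/",
    "http://mnenenravitsya.ru/upload/",
    "http://pitersprav.ru/upload/",
]
DANABOT_C2 = ["192.236.194.72:443", "192.119.110.4:443"]
REPORT_HASHES = {
    "md5": "9f8c223419e4ca39e46ed2da0805f9a0",
    "sha1": "713be358293818902836f426404830c5f49a8a54",
    "sha256": "cf10cad3b15bac59bdf48a71791d3affd9f13606e8bcc7311756a1309f866e9a",
}


def build_indicators(urls, socket_addrs):
    """Normalise the config into lookup sets: lowercase hostnames for the
    HTTP C2 URLs and (ip, port) tuples for the raw TCP C2 endpoints."""
    hosts = {urlparse(u).hostname.lower() for u in urls}
    sockets = set()
    for addr in socket_addrs:
        ip, _, port = addr.rpartition(":")
        sockets.add((ipaddress.ip_address(ip), int(port)))
    return {"hosts": hosts, "sockets": sockets}


def sweep_proxy_log(lines, indicators):
    """Return (client, family, target) for each line that reaches a C2.
    Assumed line format: '<ts> <client> <method> <target> <status>'.
    CONNECT targets are 'host:port' (TLS tunnels); everything else is a URL."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line: skip it rather than abort the sweep
        _ts, client, method, target, _status = fields
        if method == "CONNECT":
            host, _, port = target.rpartition(":")
            if host.lower() in indicators["hosts"]:
                hits.append((client, "smokeloader", target))  # C2 host reached over TLS
                continue
            try:
                key = (ipaddress.ip_address(host), int(port))
            except ValueError:
                continue  # CONNECT to a DNS name or odd port: not a raw-IP indicator
            if key in indicators["sockets"]:
                hits.append((client, "danabot", target))
        else:
            host = (urlparse(target).hostname or "").lower()
            if host in indicators["hosts"]:
                hits.append((client, "smokeloader", target))
    return hits


def is_reported_sample(data):
    """True only if MD5, SHA1 and SHA256 all equal the report's triplet."""
    return all(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in REPORT_HASHES.items())


# Constructed proxy log lines (not real telemetry) used to exercise the sweep.
PROXY_LOG = [
    "2022-01-07T15:02:11Z 10.0.0.15 POST http://melchen-testet.at/upload/ 200",
    "2022-01-07T15:02:13Z 10.0.0.15 GET http://example.org/index.html 200",
    "2022-01-07T15:02:20Z 10.0.0.15 CONNECT 192.236.194.72:443 200",
    "2022-01-07T15:02:25Z 10.0.0.15 CONNECT updates.example.net:443 200",
    "2022-01-07T15:03:01Z 10.0.0.22 POST http://pitersprav.ru/upload/ 404",
]
INDICATORS = build_indicators(SMOKELOADER_C2, DANABOT_C2)

if __name__ == "__main__":
    for client, family, target in sweep_proxy_log(PROXY_LOG, INDICATORS):
        print(f"{client} -> {family} C2 {target}")
    print("placeholder bytes match report:", is_reported_sample(b"constructed placeholder"))
```

Hostname matching is deliberately exact rather than substring-based so that a legitimate domain containing one of the C2 names as a substring does not fire; a 404 from a C2 URL is still reported, since the contact attempt is the signal, not the server's answer.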
Targets

Target: cf10cad3b15bac59bdf48a71791d3affd9f13606e8bcc.exe
Filesize: 294KB
Score: 10/10
MD5, SHA1, SHA256 and SHA512: as listed under General above.

Signatures

  • Danabot

    Danabot is a modular banking trojan. The configuration extracted from this task identifies its loader component (type: loader, botnet 4) and two raw TCP C2 endpoints on port 443.

  • Danabot Loader Component

  • SmokeLoader

    SmokeLoader is a modular downloader/backdoor in use since 2014. The 2020 build extracted here carries five HTTP C2 URLs (all ending in /upload/) and the RC4 keys with which it encrypts its C2 traffic.

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

The four behavioural signatures (download of a PE file, execution of a dropped EXE, loading of a dropped DLL, self-deletion) are consistent with a SmokeLoader stage that fetches and runs the Danabot loader, which is why both configs were extracted from the same task.
Related Tasks

(none listed)

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. No techniques are populated in this extract.