Description
Danabot is a modular banking Trojan that has been linked with other malware.
cf10cad3b15bac59bdf48a71791d3affd9f13606e8bcc.exe
General
Target
Size
Sample
cf10cad3b15bac59bdf48a71791d3affd9f13606e8bcc.exe
294KB
220107-3jaavscfh6
Score
10 /10
MD5
SHA1
SHA256
SHA512
9f8c223419e4ca39e46ed2da0805f9a0
713be358293818902836f426404830c5f49a8a54
cf10cad3b15bac59bdf48a71791d3affd9f13606e8bcc7311756a1309f866e9a
7dc2816b964707659bdee595f627e4e0a2d416fcd93a0bd74091bd3cc17affe55f7efae06deec8a79ab642152523baefb8dd9daddf2541a52f25437c610eea9b
Malware Config
Extracted
| Family | smokeloader |
| Version | 2020 |
| C2 |
http://melchen-testet.at/upload/ http://zjymf.com/upload/ http://pbxbmu70275.cn/upload/ http://mnenenravitsya.ru/upload/ http://pitersprav.ru/upload/ |
| rc4.i32 |
|
| rc4.i32 |
|
Extracted
| Family | danabot |
| Botnet | 4 |
| C2 |
192.236.194.72:443 192.119.110.4:443 |
| Attributes |
embedded_hash 422236FD601D11EE82825A484D26DD6F
type loader |
| rsa_pubkey.plain |
|
| rsa_privkey.plain |
|
Targets
Target
MD5
Filesize
cf10cad3b15bac59bdf48a71791d3affd9f13606e8bcc.exe
9f8c223419e4ca39e46ed2da0805f9a0
294KB
Score
10/10
SHA1
SHA256
SHA512
713be358293818902836f426404830c5f49a8a54
cf10cad3b15bac59bdf48a71791d3affd9f13606e8bcc7311756a1309f866e9a
7dc2816b964707659bdee595f627e4e0a2d416fcd93a0bd74091bd3cc17affe55f7efae06deec8a79ab642152523baefb8dd9daddf2541a52f25437c610eea9b
Tags
Signatures
-
Danabot
-
Danabot Loader Component
-
SmokeLoader
Description
Modular backdoor trojan in use since 2014.
Tags
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks