59ddabdcb5b43bbc66bbec89123d2627.exe

General
Target

59ddabdcb5b43bbc66bbec89123d2627.exe

Size

265KB

Sample

220109-j8fz6addd9

Score

10/10
MD5

59ddabdcb5b43bbc66bbec89123d2627

SHA1

6c33dde51d6b45319ad99408c10f6ad8b1340e2f

SHA256

2d0bd38ea59864cdcd710759abea3f670449eb4505b54c8a8d22128691deefc1

SHA512

56463528dc37c141519535140a24d0ce02ca2227ef8c302494e422109e5d6b83a5d6ac5f2b698838e29661cd9dd986d9a2dc0f7c3c4f025f5283cebca052b8b3

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://nahbleiben.at/upload/

http://noblecreativeaz.com/upload/

http://tvqaq.cn/upload/

http://recmaster.ru/upload/

http://sovels.ru/upload/

rc4.i32

Extracted

Family danabot
Botnet 4
C2

192.119.110.4:443

103.175.16.113:443

Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

59ddabdcb5b43bbc66bbec89123d2627.exe

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

  • Danabot Loader Component

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

Tasks

static1

behavioral1

10/10