Resubmissions

09-01-2022 14:33    220109-rwxq5sdhcr    10

09-01-2022 14:06    220109-rejg7aded7    10

09-01-2022 08:20    220109-j8fz6addd9    10

General

  • Target: 59ddabdcb5b43bbc66bbec89123d2627.exe

  • Size: 265KB

  • Sample: 220109-j8fz6addd9

  • MD5: 59ddabdcb5b43bbc66bbec89123d2627

  • SHA1: 6c33dde51d6b45319ad99408c10f6ad8b1340e2f

  • SHA256: 2d0bd38ea59864cdcd710759abea3f670449eb4505b54c8a8d22128691deefc1

  • SHA512: 56463528dc37c141519535140a24d0ce02ca2227ef8c302494e422109e5d6b83a5d6ac5f2b698838e29661cd9dd986d9a2dc0f7c3c4f025f5283cebca052b8b3

Malware Config

Extracted

  • Family: smokeloader

  • Version: 2020

  • C2:

    http://nahbleiben.at/upload/

    http://noblecreativeaz.com/upload/

    http://tvqaq.cn/upload/

    http://recmaster.ru/upload/

    http://sovels.ru/upload/

  • rc4.i32

  • rc4.i32

Extracted

  • Family: danabot

  • Botnet: 4

  • C2:

    192.119.110.4:443

    103.175.16.113:443

  • Attributes

    • embedded_hash: 422236FD601D11EE82825A484D26DD6F

    • type: loader

  • rsa_pubkey.plain

  • rsa_privkey.plain

Targets

    • Target: 59ddabdcb5b43bbc66bbec89123d2627.exe

    • Size: 265KB

    • MD5: 59ddabdcb5b43bbc66bbec89123d2627

    • SHA1: 6c33dde51d6b45319ad99408c10f6ad8b1340e2f

    • SHA256: 2d0bd38ea59864cdcd710759abea3f670449eb4505b54c8a8d22128691deefc1

    • SHA512: 56463528dc37c141519535140a24d0ce02ca2227ef8c302494e422109e5d6b83a5d6ac5f2b698838e29661cd9dd986d9a2dc0f7c3c4f025f5283cebca052b8b3

    • Danabot: Danabot is a modular banking Trojan that has been linked with other malware.

    • Danabot Loader Component

    • SmokeLoader: Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • Query Registry    1    T1012

  • Peripheral Device Discovery    1    T1120

  • System Information Discovery    1    T1082

Tasks