ca8990349224f84d04c36c55bf71b11376e8c9008909680bcc63519b3f1c1439.zip

General
Target

ca8990349224f84d04c36c55bf71b11376e8c9008909680bcc63519b3f1c1439.zip

Size

119KB

Sample

220109-s3kktsdhfm

Score
10/10
MD5

9d80de2b8ab636bc5e3c9e84311f4bbe

SHA1

b80d069b9ab74d3f43cd75ee25e2068a43344b5f

SHA256

96e66b4ae99b64723c465071112d406e2d9311b784b0e51dbe4af769bd7ea59e

SHA512

0bdf0bc4beac1ae5dcabbef83d6cb275b1b5a4e5a2311ecaed60797366d06785739b34311f0127ae50e1e49328204324ab1f2f419793b17a17a542954bc9d1a7

Malware Config

Extracted

Family smokeloader
Version 2020
C2

http://nahbleiben.at/upload/

http://noblecreativeaz.com/upload/

http://tvqaq.cn/upload/

http://recmaster.ru/upload/

http://sovels.ru/upload/

rc4.i32
rc4.i32

Extracted

Family danabot
Botnet 4
C2

192.119.110.4:443

103.175.16.113:443

Attributes
embedded_hash
422236FD601D11EE82825A484D26DD6F
type
loader
rsa_pubkey.plain
rsa_privkey.plain
Targets
Target

61dae93d780db_Sun139.exe

MD5

c817d8a9ea3ed03f247e2f0a000a675a

Filesize

293KB

Score
10/10
SHA1

4194929b5a02524e1e24179014fa13e95a93ee1a

SHA256

ca8990349224f84d04c36c55bf71b11376e8c9008909680bcc63519b3f1c1439

SHA512

08369b4303d481e42a7923fcf7606fef1379060fd65ecd0e224af48f396370e58421e9247471327f44e27166479c0944a57d37312888d42f532bbd661378a618

Tags

Signatures

  • Danabot

    Description

    Danabot is a modular banking Trojan that has been linked with other malware.

    Tags

  • Danabot Loader Component

  • SmokeLoader

    Description

    Modular backdoor trojan in use since 2014.

    Tags

  • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Description

    suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    Tags

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Deletes itself

  • Loads dropped DLL

MITRE ATT&CK Matrix

  • Collection

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Persistence

  • Privilege Escalation