General

  • Target

    ca8990349224f84d04c36c55bf71b11376e8c9008909680bcc63519b3f1c1439.zip

  • Size

    119KB

  • Sample

    220109-s3kktsdhfm

  • MD5

    9d80de2b8ab636bc5e3c9e84311f4bbe

  • SHA1

    b80d069b9ab74d3f43cd75ee25e2068a43344b5f

  • SHA256

    96e66b4ae99b64723c465071112d406e2d9311b784b0e51dbe4af769bd7ea59e

  • SHA512

    0bdf0bc4beac1ae5dcabbef83d6cb275b1b5a4e5a2311ecaed60797366d06785739b34311f0127ae50e1e49328204324ab1f2f419793b17a17a542954bc9d1a7

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://nahbleiben.at/upload/

http://noblecreativeaz.com/upload/

http://tvqaq.cn/upload/

http://recmaster.ru/upload/

http://sovels.ru/upload/

rc4.i32
rc4.i32

Extracted

Family

danabot

Botnet

4

C2

192.119.110.4:443

103.175.16.113:443

Attributes
  • embedded_hash

    422236FD601D11EE82825A484D26DD6F

  • type

    loader

rsa_pubkey.plain
rsa_privkey.plain

Targets

    • Target

      61dae93d780db_Sun139.exe

    • Size

      293KB

    • MD5

      c817d8a9ea3ed03f247e2f0a000a675a

    • SHA1

      4194929b5a02524e1e24179014fa13e95a93ee1a

    • SHA256

      ca8990349224f84d04c36c55bf71b11376e8c9008909680bcc63519b3f1c1439

    • SHA512

      08369b4303d481e42a7923fcf7606fef1379060fd65ecd0e224af48f396370e58421e9247471327f44e27166479c0944a57d37312888d42f532bbd661378a618

    • Danabot

Danabot is a modular banking Trojan that is commonly delivered by other malware families; in this run its loader configuration (type: loader, botnet 4) was extracted alongside a SmokeLoader configuration from the same sample.

    • Danabot Loader Component

    • SmokeLoader

SmokeLoader is a modular backdoor trojan, in use since 2014, whose primary role is to download and execute further payloads.

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL
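The C2 indicators in the extracted configs and the download/execute signatures above are only useful once they are turned into hunt logic. The Python below is an added example written for this page, not Triage output and not the sandbox's own code. The proxy log format, the log lines, the terse-URI heuristic (an approximation of the Suricata alert, which also inspects the response body for an MZ header) and the Suricata rule templates are constructed assumptions; the SIDs are placeholders in the local-use range.

```python
"""Added example (not part of the Triage report): turn the extracted SmokeLoader
and DanaBot C2 configuration into hunt logic and run it over constructed
proxy log lines."""
import re
from urllib.parse import urlsplit

# Indicators copied from the "Malware Config" section of this report.
SMOKELOADER_C2 = [
    "http://nahbleiben.at/upload/",
    "http://noblecreativeaz.com/upload/",
    "http://tvqaq.cn/upload/",
    "http://recmaster.ru/upload/",
    "http://sovels.ru/upload/",
]
DANABOT_C2 = ["192.119.110.4:443", "103.175.16.113:443"]

# Heuristic in the spirit of the "Terse alphanumeric executable downloader"
# alert: a root-level URI of a few alphanumeric characters that served a PE.
# The real ET rule also inspects the response body (MZ header), which a proxy
# log does not carry, so this is an assumption-based approximation.
TERSE_URI = re.compile(r"^/[A-Za-z0-9]{1,8}$")
PE_MIME = {"application/x-msdownload", "application/x-dosexec",
           "application/octet-stream"}


def build_iocs(smoke_urls, danabot_endpoints):
    """Split the raw config strings into hostnames, URL prefixes and (ip, port)."""
    hosts = {urlsplit(u).hostname for u in smoke_urls}
    prefixes = set(smoke_urls)
    ip_ports = set()
    for ep in danabot_endpoints:
        ip, port = ep.rsplit(":", 1)
        ip_ports.add((ip, int(port)))
    return hosts, prefixes, ip_ports


def hunt(log_text, iocs):
    """Return (timestamp, client, label, target) for every suspicious line.

    Log format is constructed for this example:
    <timestamp> <client_ip> <method> <url_or_host:port> <status> <mime>
    """
    hosts, prefixes, ip_ports = iocs
    hits = []
    for line in log_text.splitlines():
        ts, client, method, target, _status, mime = line.split()
        if method == "CONNECT":
            # TLS tunnel to a bare IP:port, the way DanaBot reaches its C2.
            host, port = target.rsplit(":", 1)
            if (host, int(port)) in ip_ports:
                hits.append((ts, client, "danabot_c2", target))
            continue
        url = urlsplit(target)
        if url.hostname in hosts or any(target.startswith(p) for p in prefixes):
            # Host-only match on purpose: a 404 from a known C2 domain is still a beacon.
            hits.append((ts, client, "smokeloader_c2", target))
        elif TERSE_URI.match(url.path) and mime in PE_MIME:
            hits.append((ts, client, "terse_exe_download", target))
    return hits


def to_suricata_rules(smoke_urls, danabot_endpoints, base_sid=1000001):
    """Emit one Suricata rule per indicator (sticky-buffer syntax, Suricata 5+).
    SIDs in the 1000000+ range are local-use placeholders; adjust to your own."""
    rules = []
    sid = base_sid
    for u in smoke_urls:
        url = urlsplit(u)
        rules.append(
            f'alert http $HOME_NET any -> $EXTERNAL_NET any ('
            f'msg:"SmokeLoader C2 {url.hostname}"; flow:established,to_server; '
            f'http.host; content:"{url.hostname}"; '
            f'http.uri; content:"{url.path}"; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')
        sid += 1
    for ep in danabot_endpoints:
        ip, port = ep.rsplit(":", 1)
        rules.append(
            f'alert tcp $HOME_NET any -> {ip} {port} ('
            f'msg:"DanaBot C2 {ep}"; flow:to_server; '
            f'classtype:trojan-activity; sid:{sid}; rev:1;)')
        sid += 1
    return rules


# Constructed log lines (not from the sandbox run): benign traffic plus one
# line of each hit type, including a failed beacon to a listed C2 domain.
SAMPLE_LOG = """\
2022-01-09T10:00:01Z 10.0.0.7 GET http://example.com/index.html 200 text/html
2022-01-09T10:00:05Z 10.0.0.7 POST http://nahbleiben.at/upload/ 200 text/html
2022-01-09T10:00:09Z 10.0.0.7 GET http://cdn.example.net/Xk9q 200 application/x-msdownload
2022-01-09T10:00:12Z 10.0.0.7 CONNECT 192.119.110.4:443 200 -
2022-01-09T10:00:20Z 10.0.0.9 CONNECT www.example.org:443 200 -
2022-01-09T10:00:25Z 10.0.0.9 GET http://sovels.ru/upload/ 404 text/html
"""

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG, build_iocs(SMOKELOADER_C2, DANABOT_C2)):
        print(hit)
    print("\n".join(to_suricata_rules(SMOKELOADER_C2, DANABOT_C2)))
```

Run it directly to print the four hits and the seven generated rules. The SmokeLoader match fires on the hostname alone rather than the full `/upload/` URL so that a beacon answered with an error is still surfaced; the generated rules should be reviewed and tuned before deployment, since they are built from templates rather than from the vendor's own ET rule.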

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 1

Tasks