Extracted

• • Target

    b7add073ce219b036540aa86d14850a9c56ea260afcb2ca970e71432efbce39d

  • Size

    304KB

  • MD5

    f76e9ddbb573bfa72c2196a548c873cc

  • SHA1

    8a72e8da7b9afa221becf1276162b8d091b32069

  • SHA256

    b7add073ce219b036540aa86d14850a9c56ea260afcb2ca970e71432efbce39d

  • SHA512

    38e08634f2a908b0ded7cee00acc436917e4b5b8a7f2da1e36c09967b377eacedf1964636174aaec41a1b32d2ca57d1de4e6eec8579918ac20e963ce9d266a0c

  • SSDEEP

    6144:CTID1B6C3bSyMOe6O2aWd0ohg8ij9HEwFJxsfnxAL5TdrOyWEG499LOw6OXsTJDf:CcSC3bSyMOeZ2aWd0ohg8iVEwFJSAL5

  Score

  10^/10

  danabotsmokeloaderbackdoorbankerdiscoverytrojan

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Detects Smokeloader packer

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1