danabot | 037e1a172f2c4044729a7a73e82bcb6193b132e00df5b665efcc55d192a88d57 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

037e1a172f2c4044729a7a73e82bcb6193b132e00df5b665efcc55d192a88d57
Size

301KB
Sample

220916-t3w5asbhgq
MD5

aff64082fe89b274f9d05e28670ec4f1
SHA1

2bda6f8594e7e2d30c0c8c11bcf5a64ece090035
SHA256

037e1a172f2c4044729a7a73e82bcb6193b132e00df5b665efcc55d192a88d57
SHA512

baae6667e6b46eb44bba1f8fd1be272a13cfcf9a9f89a05be684f3b2001f46d61a7a14eb6bfbd16b7db9310da4e86c657714a04dadb3479c812f5ebbe19ca955
SSDEEP

3072:zZXj4PzoC5J07h4LkOC2RyRZI0JXqzLoYCIjkL6Rn0KbbGWpWIM/h3BsxkgaBCho:hjSkF4Lk5XiLfNo6Rn0GbWInigabwVf

Score

10^/10

danabot smokeloader backdoor banker trojan

Malware Config

Extracted

Family

danabot

C2

103.144.139.228:443

213.227.154.98:443

66.85.147.23:443

153.92.223.225:443

Attributes

embedded_hash
A64A3A6ED13022027B84C77D31BE0C74
type
loader

Targets

- Target
  
  037e1a172f2c4044729a7a73e82bcb6193b132e00df5b665efcc55d192a88d57
- Size
  
  301KB
- MD5
  
  aff64082fe89b274f9d05e28670ec4f1
- SHA1
  
  2bda6f8594e7e2d30c0c8c11bcf5a64ece090035
- SHA256
  
  037e1a172f2c4044729a7a73e82bcb6193b132e00df5b665efcc55d192a88d57
- SHA512
  
  baae6667e6b46eb44bba1f8fd1be272a13cfcf9a9f89a05be684f3b2001f46d61a7a14eb6bfbd16b7db9310da4e86c657714a04dadb3479c812f5ebbe19ca955
- SSDEEP
  
  3072:zZXj4PzoC5J07h4LkOC2RyRZI0JXqzLoYCIjkL6Rn0KbbGWpWIM/h3BsxkgaBCho:hjSkF4Lk5XiLfNo6Rn0GbWInigabwVf
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan