General

  • Target

    21d3b533ce4f5c239b7a3217a94470be5170db6e0fe3b1fd6dc5042aa905e76c

  • Size

    306KB

  • Sample

    220916-z9q5hscdhj

  • MD5

    ec565f7e33a95a7be7c0229ff543837c

  • SHA1

    9318b2ddad974053d944540cbe5a4116275a0826

  • SHA256

    21d3b533ce4f5c239b7a3217a94470be5170db6e0fe3b1fd6dc5042aa905e76c

  • SHA512

    63ef42a9fd4e0970aa44e27214c3ea932394eda543170022d0ba5d74105167b6b8a54f3808c42156a56f1385f71e26bb11f481f79d88b65f14bd3c29adec1fdc

  • SSDEEP

    6144:AFFEkLURyX4+EAOrRm0q0SQzQnigabwVf:MFHwRyX3NQR5SQzQi

Malware Config

Extracted

Family

danabot

C2

103.144.139.228:443

213.227.154.98:443

66.85.147.23:443

153.92.223.225:443

Attributes

  • embedded_hash

    A64A3A6ED13022027B84C77D31BE0C74

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL
