danabot | 8ddbab254ff9681c839f2009b0359638a3987875620ae6fb117f3fc03b364419 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

8ddbab254ff9681c839f2009b0359638a3987875620ae6fb117f3fc03b364419
Size

197KB
Sample

220924-k42xhacccp
MD5

32ac7d938ce49380bffed36312dcc45f
SHA1

e1ca9d30ca8514ee542a22c94be0e12b0b7ffd33
SHA256

8ddbab254ff9681c839f2009b0359638a3987875620ae6fb117f3fc03b364419
SHA512

aeb143bb539281d1bb7dfdeee1780f9942405d0e782a74b7904034256b3ffdc4dd14ccdeb5aa3be6b3c516c2ef39ad6228778154641e5838ca11b33533610c0b
SSDEEP

3072:jV/43XLawpFtxE+c85nO199kuDnbiBEZfkk7qD1AXe8uVBYo6/PkF4x:jOLaEtxE+ZO1bku6ykkc1uJJo

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

8ddbab254ff9681c839f2009b0359638a3987875620ae6fb117f3fc03b364419.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Targets

- Target
  
  8ddbab254ff9681c839f2009b0359638a3987875620ae6fb117f3fc03b364419
- Size
  
  197KB
- MD5
  
  32ac7d938ce49380bffed36312dcc45f
- SHA1
  
  e1ca9d30ca8514ee542a22c94be0e12b0b7ffd33
- SHA256
  
  8ddbab254ff9681c839f2009b0359638a3987875620ae6fb117f3fc03b364419
- SHA512
  
  aeb143bb539281d1bb7dfdeee1780f9942405d0e782a74b7904034256b3ffdc4dd14ccdeb5aa3be6b3c516c2ef39ad6228778154641e5838ca11b33533610c0b
- SSDEEP
  
  3072:jV/43XLawpFtxE+c85nO199kuDnbiBEZfkk7qD1AXe8uVBYo6/PkF4x:jOLaEtxE+ZO1bku6ykkc1uJJo
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy