Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    682ee9d6604ddbc0b6dfdaa7c267624ab7b8a269aa26b50af08bfc69ba9523cc

  • Size

    196KB

  • Sample

    220924-lv46yabab8

  • MD5

    19770b03d1c191ccd5a67cc90894376a

  • SHA1

    2c96d543ad29665a440fde4b0d11aa1da0787db2

  • SHA256

    682ee9d6604ddbc0b6dfdaa7c267624ab7b8a269aa26b50af08bfc69ba9523cc

  • SHA512

    e2f0a84dd198a7eb6087640a080b1be77bada2c35c84c04f2f6a95f27814431eac63847d436b81e91fb20bb8ef95ecccd08637cdf564da707d786bd22788076a

  • SSDEEP

    3072:cmR1L/O3DVH85ldAY2d53utSqpElXZ5BrXjG/PkF4x:3LiDVSdyd53utS2qZ/X

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Extracted

Family

danabot

C2

198.15.112.179:443

185.62.56.245:443

153.92.223.225:443

192.119.70.159:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535
Attributes
  • embedded_hash

    6618C163D57D6441FCCA65D86C4D380D

  • type

    loader

Targets

    • Target

      682ee9d6604ddbc0b6dfdaa7c267624ab7b8a269aa26b50af08bfc69ba9523cc

    • Size

      196KB

    • MD5

      19770b03d1c191ccd5a67cc90894376a

    • SHA1

      2c96d543ad29665a440fde4b0d11aa1da0787db2

    • SHA256

      682ee9d6604ddbc0b6dfdaa7c267624ab7b8a269aa26b50af08bfc69ba9523cc

    • SHA512

      e2f0a84dd198a7eb6087640a080b1be77bada2c35c84c04f2f6a95f27814431eac63847d436b81e91fb20bb8ef95ecccd08637cdf564da707d786bd22788076a

    • SSDEEP

      3072:cmR1L/O3DVH85ldAY2d53utSqpElXZ5BrXjG/PkF4x:3LiDVSdyd53utS2qZ/X

    Score
    10/10
    danabotsmokeloaderbackdoorbankertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks