danabot | 8e515af7458e5ba4c811105fd16aa55a7b2d4746d8d6455d4de171e1bcb4f491 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

8e515af7458e5ba4c811105fd16aa55a7b2d4746d8d6455d4de171e1bcb4f491
Size

329KB
Sample

220927-vdfxfseab4
MD5

3760371240026648da3a426888ec2767
SHA1

dfedf2d331df88103ea9449f00927322ad523710
SHA256

8e515af7458e5ba4c811105fd16aa55a7b2d4746d8d6455d4de171e1bcb4f491
SHA512

7748eff2c69a414b8e70979afdf3a342a6bab799bdafae7481cade210111baa29bfa7e36499c793c7a279dc9e800215c37f88e6a3ead51f9a50d284419774962
SSDEEP

6144:NYn7gjbhe56QIAwkGCCImLd0RTcnigabwVfs:NYn7gBe5jxwk+imiB

Score

10^/10

danabot redline smokeloader systembc insmix backdoor banker discovery infostealer spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

8e515af7458e5ba4c811105fd16aa55a7b2d4746d8d6455d4de171e1bcb4f491.exe

Resource

win10-20220901-en

danabot redline smokeloader systembc insmix backdoor banker discovery infostealer spyware stealer trojan

windows10-1703-x64

18 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
6618C163D57D6441FCCA65D86C4D380D
type
loader

Extracted

Family

redline

Botnet

insmix

C2

jamesmillion2.xyz:9420

Attributes

auth_value
f388a05524f756108c9e4b0f4c4bafb6

Extracted

Family

systembc

C2

141.98.82.229:4001

Targets

- Target
  
  8e515af7458e5ba4c811105fd16aa55a7b2d4746d8d6455d4de171e1bcb4f491
- Size
  
  329KB
- MD5
  
  3760371240026648da3a426888ec2767
- SHA1
  
  dfedf2d331df88103ea9449f00927322ad523710
- SHA256
  
  8e515af7458e5ba4c811105fd16aa55a7b2d4746d8d6455d4de171e1bcb4f491
- SHA512
  
  7748eff2c69a414b8e70979afdf3a342a6bab799bdafae7481cade210111baa29bfa7e36499c793c7a279dc9e800215c37f88e6a3ead51f9a50d284419774962
- SSDEEP
  
  6144:NYn7gjbhe56QIAwkGCCImLd0RTcnigabwVfs:NYn7gBe5jxwk+imiB
Score

10^/10

danabot redline smokeloader systembc insmix backdoor banker discovery infostealer spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotredlinesmokeloadersystembcinsmixbackdoorbankerdiscoveryinfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy