General

  • Target

    file.exe

  • Size

    327KB

  • Sample

    220928-kl1lqageep

  • MD5

    5c7e862b9201b120959e3df258c2cd07

  • SHA1

    bb32baa88e28c8823e17abfff5e8b1653f577842

  • SHA256

    a749aafd3cf83fcfe2a763e09cca6521c3176b3c78af41fecbf5406af99bcfa2

  • SHA512

    0c2919811a31f31fd16e1f252889c82d8226b908d80fbc6bc516fc7b3dc14caf6420093b8d8e7b1b66080789e964b592c9a12dbdf5887ec5f50e648c13db095b

  • SSDEEP

    3072:A2XsuMvfYKO+cpj8f5thZ+5Xbo74YKHhIxPcKprtBU1P8/UBOBz0KFE5QM/h3Bsq:Ae1Z6cYhovYQIxBz0enigabwVfs

Malware Config

Extracted

  • Family

    danabot

  • C2

    198.15.112.179:443
    185.62.56.245:443
    153.92.223.225:443
    192.119.70.159:443

  • Attributes

    embedded_hash: 6618C163D57D6441FCCA65D86C4D380D
    type: loader

Extracted

  • Family

    systembc

  • C2

    141.98.82.229:4001

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    T1012 Query Registry (1)
    T1120 Peripheral Device Discovery (1)
    T1082 System Information Discovery (1)