danabot | 759cd4da0b623ac5698db092a81d55be6e97971add71cb4ef00c5f49cf26b7a2 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

759cd4da0b623ac5698db092a81d55be6e97971add71cb4ef00c5f49cf26b7a2
Size

145KB
Sample

221003-mg45fshdgn
MD5

71d3d21d890f7f68d4c397a3c49795db
SHA1

3aaa3520164f3632069b47b38c774e8f98972fad
SHA256

759cd4da0b623ac5698db092a81d55be6e97971add71cb4ef00c5f49cf26b7a2
SHA512

94f8779e04c45fa7653edcdc162cb76e316b8fd8ed5a902853d29b620357edacaa06a48905a6231841f90e21465b564e9ff6090e754f68f8f41dba37aca59332
SSDEEP

3072:FTiOPaXZCxXz8gR+YtW7jIZw1PSEex2PMie:FT5MgZw1P7U2PMi

Score

10^/10

danabot smokeloader systembc backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

759cd4da0b623ac5698db092a81d55be6e97971add71cb4ef00c5f49cf26b7a2.exe

Resource

win10-20220901-en

danabot smokeloader systembc backdoor banker trojan

windows10-1703-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
F11D3871631E16E8DE15C24B32328D98
type
loader

Extracted

Family

systembc

C2

45.182.189.231:443

Targets

- Target
  
  759cd4da0b623ac5698db092a81d55be6e97971add71cb4ef00c5f49cf26b7a2
- Size
  
  145KB
- MD5
  
  71d3d21d890f7f68d4c397a3c49795db
- SHA1
  
  3aaa3520164f3632069b47b38c774e8f98972fad
- SHA256
  
  759cd4da0b623ac5698db092a81d55be6e97971add71cb4ef00c5f49cf26b7a2
- SHA512
  
  94f8779e04c45fa7653edcdc162cb76e316b8fd8ed5a902853d29b620357edacaa06a48905a6231841f90e21465b564e9ff6090e754f68f8f41dba37aca59332
- SSDEEP
  
  3072:FTiOPaXZCxXz8gR+YtW7jIZw1PSEex2PMie:FT5MgZw1P7U2PMi
Score

10^/10

danabot smokeloader systembc backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloadersystembcbackdoorbankertrojan

© 2018-2024

Terms | Privacy