Analysis

  • max time kernel
    172s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system
  • submitted
    04-10-2022 12:37

General

  • Target

    malware_smoke_3900822290.exe

  • Size

    1.1MB

  • MD5

    aecb3fdebc29b15a92535bbbd21d295c

  • SHA1

    aba867d33123b33a1d21f7db6f05472721e2f5ef

  • SHA256

    380799a1cfe4311c17c4c6240ac65d8337e55679a547e57621ac3c8c9233315f

  • SHA512

    6ec34ae1e2141c3faee6f724fb0f5ae998b574ac765bfac0c21d5915c416085f50b6b3f500ebe787b6efb61b36ee9a19807278ae64d2a68e4ff53d6a5c499f99

  • SSDEEP

    24576:oiMdCm9+HP+xWXeHSoejsC5GL/6YkRkE26tW3Pk4d:o4NOKDw/6A84

Score
10/10

Malware Config

Extracted

Family

danabot

Botnet

5

Attributes
  • embedded_hash

    C9710462E1D60893F562FB2B07EC3B66

  • type

    loader

Signatures

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

Processes

  • C:\Users\Admin\AppData\Local\Temp\malware_smoke_3900822290.exe
    "C:\Users\Admin\AppData\Local\Temp\malware_smoke_3900822290.exe"
    1⤵
      PID:3520

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/3520-132-0x0000000000921000-0x0000000000A02000-memory.dmp
      Filesize

      900KB

    • memory/3520-133-0x00000000023B0000-0x00000000025DB000-memory.dmp
      Filesize

      2.2MB

    • memory/3520-134-0x0000000000400000-0x0000000000637000-memory.dmp
      Filesize

      2.2MB

    • memory/3520-135-0x0000000000400000-0x0000000000637000-memory.dmp
      Filesize

      2.2MB

    • memory/3520-136-0x0000000000400000-0x0000000000637000-memory.dmp
      Filesize

      2.2MB

    • memory/3520-137-0x0000000000400000-0x0000000000637000-memory.dmp
      Filesize

      2.2MB