danabot | c07977990ba8f2760548e7b4b4abaa4336f63259f91a66676ccb581544036173 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

272KB
Sample

221005-219llsfhc6
MD5

8f6cba2efb3ec2ebc03f657370e6a419
SHA1

77d058b2dae8782b3cd0267810317c51cfda2fb9
SHA256

c07977990ba8f2760548e7b4b4abaa4336f63259f91a66676ccb581544036173
SHA512

63449e933f2c2b8176221951ddd1b26170a2fbb3d1dde792805385589f0b27ab13d96dea1eabf44ac4bfb1d8a12a417f724d9f5efcaaa96b2cb575a51bff2ee9
SSDEEP

6144:OR66f0LGlcRXf9k+iIX2RuzbgwuhS3mwVfUg:OMvKlc51lvwunn8g

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220901-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
EAD30BF58E340E9E105B328F524565E0
type
loader

Targets

- Target
  
  file.exe
- Size
  
  272KB
- MD5
  
  8f6cba2efb3ec2ebc03f657370e6a419
- SHA1
  
  77d058b2dae8782b3cd0267810317c51cfda2fb9
- SHA256
  
  c07977990ba8f2760548e7b4b4abaa4336f63259f91a66676ccb581544036173
- SHA512
  
  63449e933f2c2b8176221951ddd1b26170a2fbb3d1dde792805385589f0b27ab13d96dea1eabf44ac4bfb1d8a12a417f724d9f5efcaaa96b2cb575a51bff2ee9
- SSDEEP
  
  6144:OR66f0LGlcRXf9k+iIX2RuzbgwuhS3mwVfUg:OMvKlc51lvwunn8g
Score

10^/10

smokeloader backdoor trojan danabot banker
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy