danabot | 090cb19f8745e669eeb19d014ba18abdf9b447f1a2519b15569558bfb079bf6a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

090cb19f8745e669eeb19d014ba18abdf9b447f1a2519b15569558bfb079bf6a
Size

272KB
Sample

221005-njm5dsedcm
MD5

dc37acf1e69f7bf1ea417c9f408e0abf
SHA1

c6333d1ef0302a4a536899aefbe58264f575b481
SHA256

090cb19f8745e669eeb19d014ba18abdf9b447f1a2519b15569558bfb079bf6a
SHA512

91d43e9f49f19935bfbf31218dfc60428981fb27db525e431bfca9b3dcac6f94bd6070aca60edce985efae948c5fc7aeae57a5f52f7b8c2fef337f38541ad8d6
SSDEEP

6144:10fqNSLXc1X5SHuImlcuzbgwuLW2DBIeTwVf:1kqNSjc1XQm2unni

Score

10^/10

danabot smokeloader systembc backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

090cb19f8745e669eeb19d014ba18abdf9b447f1a2519b15569558bfb079bf6a.exe

Resource

win10v2004-20220812-en

danabot smokeloader systembc backdoor banker trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
EAD30BF58E340E9E105B328F524565E0
type
loader

Extracted

Family

systembc

C2

45.182.189.231:443

Targets

- Target
  
  090cb19f8745e669eeb19d014ba18abdf9b447f1a2519b15569558bfb079bf6a
- Size
  
  272KB
- MD5
  
  dc37acf1e69f7bf1ea417c9f408e0abf
- SHA1
  
  c6333d1ef0302a4a536899aefbe58264f575b481
- SHA256
  
  090cb19f8745e669eeb19d014ba18abdf9b447f1a2519b15569558bfb079bf6a
- SHA512
  
  91d43e9f49f19935bfbf31218dfc60428981fb27db525e431bfca9b3dcac6f94bd6070aca60edce985efae948c5fc7aeae57a5f52f7b8c2fef337f38541ad8d6
- SSDEEP
  
  6144:10fqNSLXc1X5SHuImlcuzbgwuLW2DBIeTwVf:1kqNSjc1XQm2unni
Score

10^/10

danabot smokeloader systembc backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloadersystembcbackdoorbankertrojan

© 2018-2024

Terms | Privacy