Extracted

• • Target

    56f120e6f63ff266c49b0851e68bcdb6a823c6834f486e6090318602dc61106a

  • Size

    272KB

  • MD5

    d58078226c4066f05926c70be7cf64a7

  • SHA1

    8fb99e8c6db5d3ffb4e3685f962fc2b4f9f668c6

  • SHA256

    56f120e6f63ff266c49b0851e68bcdb6a823c6834f486e6090318602dc61106a

  • SHA512

    9d8b21c7692f3b910669afe7aa8468a6476b23a8d9c2a05b993d78b4591fdc565c228117bedb84f2deaf929e06cfb39258e653eecef83fd67098f1bcd756b807

  • SSDEEP

    6144:A/ERFLbNamokFUhsZzRuzbgwuZuwVfUU:A2UmBFUG1unn/U

  Score

  10^/10

  danabotsmokeloaderbackdoorbankertrojan

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Detects Smokeloader packer

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1