danabot | 9d95e51bc6240a1e42b4d7ac35f3949e98bc2462cfd84ae3180b3d3753d6fd32 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

146KB
Sample

221006-al64dsgab4
MD5

5857452a7c4f42e1be84602d6fdd5de4
SHA1

031694f1a68eafa3915c886d6dba4c2034c7bea1
SHA256

9d95e51bc6240a1e42b4d7ac35f3949e98bc2462cfd84ae3180b3d3753d6fd32
SHA512

13d50804f489bad9340716ae7c1fb1a779e3d09917afc9bbf31d108f02223cc7295ca0d3e5b0c687e3d6d8d1434636a285743eda424e59ab5afd0223e500196e
SSDEEP

3072:KIkS00hfhxLbvCTQXMfJZjLIyUMe9a+BPcBaGO:VmYHvExZjLhe9zB4aG

Score

10^/10

danabot smokeloader backdoor banker discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220901-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker discovery spyware stealer trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
EAD30BF58E340E9E105B328F524565E0
type
loader

Targets

- Target
  
  file.exe
- Size
  
  146KB
- MD5
  
  5857452a7c4f42e1be84602d6fdd5de4
- SHA1
  
  031694f1a68eafa3915c886d6dba4c2034c7bea1
- SHA256
  
  9d95e51bc6240a1e42b4d7ac35f3949e98bc2462cfd84ae3180b3d3753d6fd32
- SHA512
  
  13d50804f489bad9340716ae7c1fb1a779e3d09917afc9bbf31d108f02223cc7295ca0d3e5b0c687e3d6d8d1434636a285743eda424e59ab5afd0223e500196e
- SSDEEP
  
  3072:KIkS00hfhxLbvCTQXMfJZjLIyUMe9a+BPcBaGO:VmYHvExZjLhe9zB4aG
Score

10^/10

smokeloader backdoor trojan danabot banker discovery spyware stealer
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

danabotsmokeloaderbackdoorbankerdiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy