General

  • Target

    3d01424d0e57eabd41eda9eb7843795a582096c821be587c6980acc407dac953

  • Size

    146KB

  • Sample

    221006-azkgjsgcbm

  • MD5

    43af0375a0a570ffef7dc42146625094

  • SHA1

    d585dc4102417a5a15e2a1ac0c3c7ad4b004a53b

  • SHA256

    3d01424d0e57eabd41eda9eb7843795a582096c821be587c6980acc407dac953

  • SHA512

    2c8d3df37267e7ddbe69f746b775ed86b0a2dda73b6593076a5f46ded615f004f5e7297b739995371a0fcfd3be47cda3545d29426f1be110caedbf6fba6a91f0

  • SSDEEP

    3072:bbdkZd0JhfGt1g04yBv7baLmU/3wWy9vx/3sHSMreYZO:b5l21gnEZUIWwvh3ISMrDZ

Malware Config

Extracted

Family

danabot

Attributes

  • embedded_hash

    EAD30BF58E340E9E105B328F524565E0

  • type

    loader

Targets

    • Target

      3d01424d0e57eabd41eda9eb7843795a582096c821be587c6980acc407dac953

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    System Information Discovery (T1082): 3

    Query Registry (T1012): 2

    Peripheral Device Discovery (T1120): 1

Tasks