danabot | 6593b12340d2979c38db59194a5888ab8003384eae23cc36f5cfc38da1d0e864 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

6593b12340d2979c38db59194a5888ab8003384eae23cc36f5cfc38da1d0e864
Size

145KB
Sample

221006-e1rdpsgehn
MD5

d5799abe28b073853f14b08500d17c35
SHA1

275c357c45b04da2a7b595dbccbea0fb9f06547b
SHA256

6593b12340d2979c38db59194a5888ab8003384eae23cc36f5cfc38da1d0e864
SHA512

d48a602eec6d9f993c24ba4090425a02979b075722ed934bb113c9a198ef2ec181547f21ea895425d656996de842f4ab8793559c80a6c9260f8362a2ac3b8387
SSDEEP

1536:XMA/usmuXcTjA1G++MhhkMOgNl2Y9vBl/fRb42PXho8IUni/xV9XE/WzWDMOi:XMAWoIr++3MO659v3/fR82+mIkfwO

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

6593b12340d2979c38db59194a5888ab8003384eae23cc36f5cfc38da1d0e864.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
EAD30BF58E340E9E105B328F524565E0
type
loader

Targets

- Target
  
  6593b12340d2979c38db59194a5888ab8003384eae23cc36f5cfc38da1d0e864
- Size
  
  145KB
- MD5
  
  d5799abe28b073853f14b08500d17c35
- SHA1
  
  275c357c45b04da2a7b595dbccbea0fb9f06547b
- SHA256
  
  6593b12340d2979c38db59194a5888ab8003384eae23cc36f5cfc38da1d0e864
- SHA512
  
  d48a602eec6d9f993c24ba4090425a02979b075722ed934bb113c9a198ef2ec181547f21ea895425d656996de842f4ab8793559c80a6c9260f8362a2ac3b8387
- SSDEEP
  
  1536:XMA/usmuXcTjA1G++MhhkMOgNl2Y9vBl/fRb42PXho8IUni/xV9XE/WzWDMOi:XMAWoIr++3MO659v3/fR82+mIkfwO
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy