danabot | 06f52b68331a1a95c64073eb588d5bb76a372c729d90468d5027593d8a5450e6 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

06f52b68331a1a95c64073eb588d5bb76a372c729d90468d5027593d8a5450e6
Size

231KB
Sample

221014-z5zwvseeen
MD5

d45062e43f4e6996c770cc94dc3724db
SHA1

51eeb4dbba45e40585a05f5cd207abf36e54113e
SHA256

06f52b68331a1a95c64073eb588d5bb76a372c729d90468d5027593d8a5450e6
SHA512

3f83210205595195d18ee7318c23b44268b7f64f1ec00533861dae9239bfb8ec167af88e55a8fb15301884b1e54b3e9ac7aca4e88d5aafbefc9e00a673db8ee4
SSDEEP

3072:WXpWfaQl0qYlyvNa589SeImVmNK1uyh+Hpl30KMT4NH6fOi:+gfaQeMx7VmNIZYpl30Jaafx

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

06f52b68331a1a95c64073eb588d5bb76a372c729d90468d5027593d8a5450e6.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Targets

- Target
  
  06f52b68331a1a95c64073eb588d5bb76a372c729d90468d5027593d8a5450e6
- Size
  
  231KB
- MD5
  
  d45062e43f4e6996c770cc94dc3724db
- SHA1
  
  51eeb4dbba45e40585a05f5cd207abf36e54113e
- SHA256
  
  06f52b68331a1a95c64073eb588d5bb76a372c729d90468d5027593d8a5450e6
- SHA512
  
  3f83210205595195d18ee7318c23b44268b7f64f1ec00533861dae9239bfb8ec167af88e55a8fb15301884b1e54b3e9ac7aca4e88d5aafbefc9e00a673db8ee4
- SSDEEP
  
  3072:WXpWfaQl0qYlyvNa589SeImVmNK1uyh+Hpl30KMT4NH6fOi:+gfaQeMx7VmNIZYpl30Jaafx
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2025

Terms | Privacy