General

  • Target

    b154251b524721e5bbd59b830e76e4cb7c8e20c0555c2d1d4092c7c970a4a879

  • Size

    216KB

  • Sample

    221017-weprescee4

  • MD5

    4ae89242ec0cfd7252d7d2b2def33e53

  • SHA1

    2699edbdfac71959cd2b76b78ad4d0e851bdc418

  • SHA256

    b154251b524721e5bbd59b830e76e4cb7c8e20c0555c2d1d4092c7c970a4a879

  • SHA512

    6c304ccaa39eb7d7a71169dab94fe913a67ea4afaa36ed8cf47847ae81184babf4ad15c65658456a2c176b9f47231a6d47c57498f98560368f666108f2e2e4f9

  • SSDEEP

    3072:GRAZfSxKeEYzwK9CJLtEkYaiEMCZBkboMQ/bMpkor03pp:GGZY5zlILtXYaEoMYbVog3p

Malware Config

Extracted

  • Family

    danabot

  • C2

    192.236.233.188:443
    192.119.70.159:443
    23.106.124.171:443
    213.227.155.103:443

Attributes

  • embedded_hash

    56951C922035D696BFCE443750496462

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

MITRE ATT&CK Enterprise v6

Tasks