danabot | fccea4f3d6ebae2f1c65af24a68585e8170c3a0e60cfbb0a639f02345c1a3098 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

fccea4f3d6ebae2f1c65af24a68585e8170c3a0e60cfbb0a639f02345c1a3098
Size

217KB
Sample

221018-bmm8caebel
MD5

f771ba77542c6f19cade962fb4543ab6
SHA1

2f8844c1d368bce620a2761b35288498f51bc95e
SHA256

fccea4f3d6ebae2f1c65af24a68585e8170c3a0e60cfbb0a639f02345c1a3098
SHA512

9dfcfe72a5c43ad395b290c04dce71f4b8a27a2cd1bd24b01d5fd5923f5b2dc02702f964b081113a0bc1d9b236340e161f0adc16f947a0968bc9e6ea835ed4fd
SSDEEP

3072:h/EphVY6tjOSazEGm7cgiL7VG6naXkFALxFIPD4Xu0wtabJM9wVTjuJ+EjaL:hMps6xGmQnL7A6nW1aPDWBJM9wVTbr

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

fccea4f3d6ebae2f1c65af24a68585e8170c3a0e60cfbb0a639f02345c1a3098.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Targets

- Target
  
  fccea4f3d6ebae2f1c65af24a68585e8170c3a0e60cfbb0a639f02345c1a3098
- Size
  
  217KB
- MD5
  
  f771ba77542c6f19cade962fb4543ab6
- SHA1
  
  2f8844c1d368bce620a2761b35288498f51bc95e
- SHA256
  
  fccea4f3d6ebae2f1c65af24a68585e8170c3a0e60cfbb0a639f02345c1a3098
- SHA512
  
  9dfcfe72a5c43ad395b290c04dce71f4b8a27a2cd1bd24b01d5fd5923f5b2dc02702f964b081113a0bc1d9b236340e161f0adc16f947a0968bc9e6ea835ed4fd
- SSDEEP
  
  3072:h/EphVY6tjOSazEGm7cgiL7VG6naXkFALxFIPD4Xu0wtabJM9wVTjuJ+EjaL:hMps6xGmQnL7A6nW1aPDWBJM9wVTbr
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2025

Terms | Privacy