danabot | abfda87aaf9735d66f9e567b2006dbf803d1a9334424d70a4be4200ff582e7e0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

abfda87aaf9735d66f9e567b2006dbf803d1a9334424d70a4be4200ff582e7e0
Size

196KB
Sample

221018-vm262sggej
MD5

a611a9ab42af39d3aab0689b2d4dc402
SHA1

f59c3fac9fb0083fa4f5dbb816ce00484132cdb2
SHA256

abfda87aaf9735d66f9e567b2006dbf803d1a9334424d70a4be4200ff582e7e0
SHA512

7748fb232b54cd250fde94333cbf51f2d5d0910b58cc5c9e96c66b097b5c2516f2a80b11aa59a4ce0abd074ad59506dccdfca2866975d49ef5da0853ff5a44f2
SSDEEP

3072:fXOr8xALXL5beW5/Xx4ebi0FUbjwha09XL0KcXV+RFJJMo:Pa8xAL748/bpFcsN0aLF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

abfda87aaf9735d66f9e567b2006dbf803d1a9334424d70a4be4200ff582e7e0.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Targets

- Target
  
  abfda87aaf9735d66f9e567b2006dbf803d1a9334424d70a4be4200ff582e7e0
- Size
  
  196KB
- MD5
  
  a611a9ab42af39d3aab0689b2d4dc402
- SHA1
  
  f59c3fac9fb0083fa4f5dbb816ce00484132cdb2
- SHA256
  
  abfda87aaf9735d66f9e567b2006dbf803d1a9334424d70a4be4200ff582e7e0
- SHA512
  
  7748fb232b54cd250fde94333cbf51f2d5d0910b58cc5c9e96c66b097b5c2516f2a80b11aa59a4ce0abd074ad59506dccdfca2866975d49ef5da0853ff5a44f2
- SSDEEP
  
  3072:fXOr8xALXL5beW5/Xx4ebi0FUbjwha09XL0KcXV+RFJJMo:Pa8xAL748/bpFcsN0aLF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2025

Terms | Privacy