danabot | 7abaebf4d3807453b2e2a0ef250101b1087e291010b9f69124272af30f540d4a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

7abaebf4d3807453b2e2a0ef250101b1087e291010b9f69124272af30f540d4a
Size

193KB
Sample

221020-qrwslsfgf5
MD5

c1bf74789ae95f35dcf98ab453acbff3
SHA1

78cfde9b320ad6ca9219e7221e2b6342fb13ee63
SHA256

7abaebf4d3807453b2e2a0ef250101b1087e291010b9f69124272af30f540d4a
SHA512

38e8f2d4a4731b55fed60af7a0e102ccdaacfdd3dd204a53d2e0573cd19c66adfa6ae889e2a016bfed660db278355ebfd47dd81acdac73c502cf9d4bf1fa0f00
SSDEEP

3072:yXOJPDLgYNWsP5je8DWkBOpGb88uqYr0Kj0oXM9G+k:y2PDLzNkkWkaFqYr0LoIG

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

7abaebf4d3807453b2e2a0ef250101b1087e291010b9f69124272af30f540d4a.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

192.236.233.188:443

192.119.70.159:443

23.106.124.171:443

213.227.155.103:443

Attributes

embedded_hash
56951C922035D696BFCE443750496462
type
loader

Targets

- Target
  
  7abaebf4d3807453b2e2a0ef250101b1087e291010b9f69124272af30f540d4a
- Size
  
  193KB
- MD5
  
  c1bf74789ae95f35dcf98ab453acbff3
- SHA1
  
  78cfde9b320ad6ca9219e7221e2b6342fb13ee63
- SHA256
  
  7abaebf4d3807453b2e2a0ef250101b1087e291010b9f69124272af30f540d4a
- SHA512
  
  38e8f2d4a4731b55fed60af7a0e102ccdaacfdd3dd204a53d2e0573cd19c66adfa6ae889e2a016bfed660db278355ebfd47dd81acdac73c502cf9d4bf1fa0f00
- SSDEEP
  
  3072:yXOJPDLgYNWsP5je8DWkBOpGb88uqYr0Kj0oXM9G+k:y2PDLzNkkWkaFqYr0LoIG
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy