danabot | fb3e1a27f8fdb187502e80401e893056b2ed7015165aa523d92814d7cd1692a1 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

fb3e1a27f8fdb187502e80401e893056b2ed7015165aa523d92814d7cd1692a1
Size

244KB
Sample

221025-psr1dacgaq
MD5

e30ebb8469ac6a35ebca3adeea289f9a
SHA1

a600b104ca53e244c227992cb2773a07283ecd9a
SHA256

fb3e1a27f8fdb187502e80401e893056b2ed7015165aa523d92814d7cd1692a1
SHA512

f4fb1564fefe8d0123cb9dacc754d2c6be2bade12409914c97e904bb8b539d2c74f5e5ba4e42faf8f80e82bdd7e7300b75f3a6eeb0863c1d7cc1f85693be4a1e
SSDEEP

3072:gXrlb7l5x/LkPzLQqeD5LZ9wlO6RF2Tr3y1YJSPNMqeU4/eOiWxGb:Ul5fLyQqe1Z9uO6uCKL3U2eOv+

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

fb3e1a27f8fdb187502e80401e893056b2ed7015165aa523d92814d7cd1692a1.exe

Resource

win10-20220812-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

23 signatures

150 seconds

Malware Config

Extracted

Family

danabot

Attributes

embedded_hash
569235DCA8F16ED8310BBACCB674F896
type
loader

Targets

- Target
  
  fb3e1a27f8fdb187502e80401e893056b2ed7015165aa523d92814d7cd1692a1
- Size
  
  244KB
- MD5
  
  e30ebb8469ac6a35ebca3adeea289f9a
- SHA1
  
  a600b104ca53e244c227992cb2773a07283ecd9a
- SHA256
  
  fb3e1a27f8fdb187502e80401e893056b2ed7015165aa523d92814d7cd1692a1
- SHA512
  
  f4fb1564fefe8d0123cb9dacc754d2c6be2bade12409914c97e904bb8b539d2c74f5e5ba4e42faf8f80e82bdd7e7300b75f3a6eeb0863c1d7cc1f85693be4a1e
- SSDEEP
  
  3072:gXrlb7l5x/LkPzLQqeD5LZ9wlO6RF2Tr3y1YJSPNMqeU4/eOiWxGb:Ul5fLyQqe1Z9uO6uCKL3U2eOv+
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy