danabot | a3b093b598745be3ab996c93644a3f253c3e8e35b1b6aebb598c3144f8ac2d30 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

a3b093b598745be3ab996c93644a3f253c3e8e35b1b6aebb598c3144f8ac2d30
Size

256KB
Sample

221027-f1axdsahdk
MD5

2574df928dade38b6439e14e167d9342
SHA1

f9b0e479f1eb2d9bc8f1420b1577a1b75ef2a0f2
SHA256

a3b093b598745be3ab996c93644a3f253c3e8e35b1b6aebb598c3144f8ac2d30
SHA512

dfa32412b37773051c4251165a01e965617794b2844e9fa0aa789c71995d5b97d19e4e09a173571a5f7890d87ab7a053864a0abf1ee72cc3acfeaa97e98ff3b0
SSDEEP

6144:d3qGs1pM/PcECggm/aqQ4BqWE4aJ2QI1E:d3O1pEkiCfb/2QIy

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

a3b093b598745be3ab996c93644a3f253c3e8e35b1b6aebb598c3144f8ac2d30.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

172.86.120.215:443

213.227.155.103:443

103.187.26.147:443

172.86.120.138:443

Attributes

embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
type
loader

Targets

- Target
  
  a3b093b598745be3ab996c93644a3f253c3e8e35b1b6aebb598c3144f8ac2d30
- Size
  
  256KB
- MD5
  
  2574df928dade38b6439e14e167d9342
- SHA1
  
  f9b0e479f1eb2d9bc8f1420b1577a1b75ef2a0f2
- SHA256
  
  a3b093b598745be3ab996c93644a3f253c3e8e35b1b6aebb598c3144f8ac2d30
- SHA512
  
  dfa32412b37773051c4251165a01e965617794b2844e9fa0aa789c71995d5b97d19e4e09a173571a5f7890d87ab7a053864a0abf1ee72cc3acfeaa97e98ff3b0
- SSDEEP
  
  6144:d3qGs1pM/PcECggm/aqQ4BqWE4aJ2QI1E:d3O1pEkiCfb/2QIy
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2025

Terms | Privacy