danabot | 1bef32d79e229d8cc8f78866280f4ccd5f16f599850f02f9db876ed70f4bf482 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

255KB
Sample

221027-kxqwnabfgj
MD5

e45c5a6b86f88d05f6a7a803ebfc7d54
SHA1

621d16be1446624651204808e26e5e8d216dc11f
SHA256

1bef32d79e229d8cc8f78866280f4ccd5f16f599850f02f9db876ed70f4bf482
SHA512

cc6224c7d097b9187268113e93f9eef5c9e9571254f518e7b24c15d9e2cbc16f28f10bfb80824243c4989a4d1f2f7e2a01e0b4316e58867a746e7ca15e8d358c
SSDEEP

3072:EXi/maJUdsa8HFq56I7X+eRU5RZ3t1uTQefJsQLTIdzE8VN:AYmaJUN4I7q5Rb1oaH

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

172.86.120.215:443

213.227.155.103:443

103.187.26.147:443

172.86.120.138:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
type
loader

Targets

- Target
  
  file.exe
- Size
  
  255KB
- MD5
  
  e45c5a6b86f88d05f6a7a803ebfc7d54
- SHA1
  
  621d16be1446624651204808e26e5e8d216dc11f
- SHA256
  
  1bef32d79e229d8cc8f78866280f4ccd5f16f599850f02f9db876ed70f4bf482
- SHA512
  
  cc6224c7d097b9187268113e93f9eef5c9e9571254f518e7b24c15d9e2cbc16f28f10bfb80824243c4989a4d1f2f7e2a01e0b4316e58867a746e7ca15e8d358c
- SSDEEP
  
  3072:EXi/maJUdsa8HFq56I7X+eRU5RZ3t1uTQefJsQLTIdzE8VN:AYmaJUN4I7q5Rb1oaH
Score

10^/10

smokeloader backdoor trojan danabot banker
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy