danabot | b251c7a53d746aed311efcb379be6b78bfedfb782c11f8e5cc8fc5402eb8db94 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

b251c7a53d746aed311efcb379be6b78bfedfb782c11f8e5cc8fc5402eb8db94
Size

269KB
Sample

221027-lsrstsbgfm
MD5

d0db6fb4dda23fb89836dafd6017a8fc
SHA1

6f3d8768e07a42736c7f0e157d9393bd44ed03b6
SHA256

b251c7a53d746aed311efcb379be6b78bfedfb782c11f8e5cc8fc5402eb8db94
SHA512

6522683a962d14d12b07ca8a9b71fc933c19ef3e127ccafefd78a1bc350bb061138355f73b8a761c65ebcf851ece54f101bc57df723f4336faa727e463708cce
SSDEEP

3072:FXi5HzOJD8myKrcX27dUeRUQXbLeHIM+wfdKr8wZuqwBopgqr1jV79HnIo0K+:BiHzWrI2BUa3eo78q2IrnRIo0/

Score

10^/10

danabot smokeloader systembc backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

b251c7a53d746aed311efcb379be6b78bfedfb782c11f8e5cc8fc5402eb8db94.exe

Resource

win10v2004-20220901-en

danabot smokeloader systembc backdoor banker trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

172.86.120.215:443

213.227.155.103:443

103.187.26.147:443

172.86.120.138:443

Attributes

embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
type
loader

Extracted

Family

systembc

C2

45.182.189.231:443

Targets

- Target
  
  b251c7a53d746aed311efcb379be6b78bfedfb782c11f8e5cc8fc5402eb8db94
- Size
  
  269KB
- MD5
  
  d0db6fb4dda23fb89836dafd6017a8fc
- SHA1
  
  6f3d8768e07a42736c7f0e157d9393bd44ed03b6
- SHA256
  
  b251c7a53d746aed311efcb379be6b78bfedfb782c11f8e5cc8fc5402eb8db94
- SHA512
  
  6522683a962d14d12b07ca8a9b71fc933c19ef3e127ccafefd78a1bc350bb061138355f73b8a761c65ebcf851ece54f101bc57df723f4336faa727e463708cce
- SSDEEP
  
  3072:FXi5HzOJD8myKrcX27dUeRUQXbLeHIM+wfdKr8wZuqwBopgqr1jV79HnIo0K+:BiHzWrI2BUa3eo78q2IrnRIo0/
Score

10^/10

danabot smokeloader systembc backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloadersystembcbackdoorbankertrojan

© 2018-2024

Terms | Privacy