danabot | 366980f315e59bff372304a9315308a9d4ab575404ffbfc685278a2552382d38 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

366980f315e59bff372304a9315308a9d4ab575404ffbfc685278a2552382d38
Size

261KB
Sample

221027-m2x7msbhc5
MD5

56078cea5046247473c4865aec804c36
SHA1

b0c55c0ab1546fd2d88392d2dd911e433d7dc8f4
SHA256

366980f315e59bff372304a9315308a9d4ab575404ffbfc685278a2552382d38
SHA512

a4d649c5f811a196e190e25a357181cc3b1a874fce8c63ff5a4c56c770bb1ed8eb08f51930481473b91de48a5846817bdbb0e0af61bd016722e2265c74516ad5
SSDEEP

3072:mX2UzUURhJ0Gl05Masp45NGI7yfYpmrStWpQFO7EQ495AEi6jvT9pb0Kx:O7/7l+Mas/I7yz2KToQ49SEHrD0S

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

366980f315e59bff372304a9315308a9d4ab575404ffbfc685278a2552382d38.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

172.86.120.215:443

213.227.155.103:443

103.187.26.147:443

172.86.120.138:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
type
loader

Targets

- Target
  
  366980f315e59bff372304a9315308a9d4ab575404ffbfc685278a2552382d38
- Size
  
  261KB
- MD5
  
  56078cea5046247473c4865aec804c36
- SHA1
  
  b0c55c0ab1546fd2d88392d2dd911e433d7dc8f4
- SHA256
  
  366980f315e59bff372304a9315308a9d4ab575404ffbfc685278a2552382d38
- SHA512
  
  a4d649c5f811a196e190e25a357181cc3b1a874fce8c63ff5a4c56c770bb1ed8eb08f51930481473b91de48a5846817bdbb0e0af61bd016722e2265c74516ad5
- SSDEEP
  
  3072:mX2UzUURhJ0Gl05Masp45NGI7yfYpmrStWpQFO7EQ495AEi6jvT9pb0Kx:O7/7l+Mas/I7yz2KToQ49SEHrD0S
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy