danabot | 4ce542d14230b8774aef2b7b7336070404ce1e530b0df045a874d0d1e514fc41 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

4ce542d14230b8774aef2b7b7336070404ce1e530b0df045a874d0d1e514fc41
Size

260KB
Sample

221027-snvr9acfcr
MD5

e5f370f8c44209601142c1cd8e59feeb
SHA1

970c6e81697043ac2a28f408bf3aadcd868fd93e
SHA256

4ce542d14230b8774aef2b7b7336070404ce1e530b0df045a874d0d1e514fc41
SHA512

75056a46a0e22c5909d4e29faab8f510444b1a30f20214d32cf0a17d6ad04d089badcc0e548f32f84ffcd7ba6bfe313c6530cd14bcc5fae11e91d8f5ae7812f7
SSDEEP

3072:JXKhvYc10U0hP/6m1h45F8X1H4tYcPN9yX2MjPoQ8Sa7Xob0Ko:tkH/2P/6m1eaJ4d2GCaG0T

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

4ce542d14230b8774aef2b7b7336070404ce1e530b0df045a874d0d1e514fc41.exe

Resource

win10-20220812-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

172.86.120.215:443

213.227.155.103:443

103.187.26.147:443

172.86.120.138:443

49.0.50.0:57

51.0.52.0:0

53.0.54.0:1200

55.0.56.0:65535

Attributes

embedded_hash
BBBB0DB8CB7E6D152424535822E445A7
type
loader

Targets

- Target
  
  4ce542d14230b8774aef2b7b7336070404ce1e530b0df045a874d0d1e514fc41
- Size
  
  260KB
- MD5
  
  e5f370f8c44209601142c1cd8e59feeb
- SHA1
  
  970c6e81697043ac2a28f408bf3aadcd868fd93e
- SHA256
  
  4ce542d14230b8774aef2b7b7336070404ce1e530b0df045a874d0d1e514fc41
- SHA512
  
  75056a46a0e22c5909d4e29faab8f510444b1a30f20214d32cf0a17d6ad04d089badcc0e548f32f84ffcd7ba6bfe313c6530cd14bcc5fae11e91d8f5ae7812f7
- SSDEEP
  
  3072:JXKhvYc10U0hP/6m1h45F8X1H4tYcPN9yX2MjPoQ8Sa7Xob0Ko:tkH/2P/6m1eaJ4d2GCaG0T
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy