danabot | 1a74fa2a71de05605f1d77389d181fd6222c8f5040505183740450c23ff33140 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

1a74fa2a71de05605f1d77389d181fd6222c8f5040505183740450c23ff33140
Size

383KB
Sample

221209-r3125sdd57
MD5

cda12bd3ffaf1eee175eeb7e895b644c
SHA1

1f230a3603601471ca4698a3a75b60f18b8b933b
SHA256

1a74fa2a71de05605f1d77389d181fd6222c8f5040505183740450c23ff33140
SHA512

190a75649a83bb3a3b315e60d9faebaa04f9fb95a8c389463c51880811c8338f0cc750acac86df045c4da703b3f8a513dd57e81f9d61bdb55d0260f4721f5010
SSDEEP

6144:dfQtL8XSUkX85ZtyClapquB1xqY9xA1hh6K9W9B1gkyded89kTR:dfKgXSlMjtyoapqKDqo8IK9W9B1fzaw

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

1a74fa2a71de05605f1d77389d181fd6222c8f5040505183740450c23ff33140.exe

Resource

win10-20220901-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a74fa2a71de05605f1d77389d181fd6222c8f5040505183740450c23ff33140
- Size
  
  383KB
- MD5
  
  cda12bd3ffaf1eee175eeb7e895b644c
- SHA1
  
  1f230a3603601471ca4698a3a75b60f18b8b933b
- SHA256
  
  1a74fa2a71de05605f1d77389d181fd6222c8f5040505183740450c23ff33140
- SHA512
  
  190a75649a83bb3a3b315e60d9faebaa04f9fb95a8c389463c51880811c8338f0cc750acac86df045c4da703b3f8a513dd57e81f9d61bdb55d0260f4721f5010
- SSDEEP
  
  6144:dfQtL8XSUkX85ZtyClapquB1xqY9xA1hh6K9W9B1gkyded89kTR:dfKgXSlMjtyoapqKDqo8IK9W9B1fzaw
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy