danabot | 87d32d3297e61ec74139be66495d50ea31a60e44bad698e20fc4449dd56ed032 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

87d32d3297e61ec74139be66495d50ea31a60e44bad698e20fc4449dd56ed032
Size

383KB
Sample

221209-svwywsgc8v
MD5

4589373538dde9065d80c540d267d1cb
SHA1

72b31155293a305b0e89420f99cf3fab60c3a3c6
SHA256

87d32d3297e61ec74139be66495d50ea31a60e44bad698e20fc4449dd56ed032
SHA512

0c7fd0d1a9d79c07e9174b9b2e7597909409f19ac6f365b8f76e2a4dc9d655f2b328ed960d1be1021290651d3ee801eace6f04099fd9ada04ed2f60c6f1b1c89
SSDEEP

6144:wh7L8svVrHBDZFil1BG91hh6K9W9AgdtIDXvded89kTR:wpQsvRhDqGIK9W9AgdtIDXgaw

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

87d32d3297e61ec74139be66495d50ea31a60e44bad698e20fc4449dd56ed032.exe

Resource

win10-20220901-en

danabot smokeloader backdoor banker discovery trojan

windows10-1703-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  87d32d3297e61ec74139be66495d50ea31a60e44bad698e20fc4449dd56ed032
- Size
  
  383KB
- MD5
  
  4589373538dde9065d80c540d267d1cb
- SHA1
  
  72b31155293a305b0e89420f99cf3fab60c3a3c6
- SHA256
  
  87d32d3297e61ec74139be66495d50ea31a60e44bad698e20fc4449dd56ed032
- SHA512
  
  0c7fd0d1a9d79c07e9174b9b2e7597909409f19ac6f365b8f76e2a4dc9d655f2b328ed960d1be1021290651d3ee801eace6f04099fd9ada04ed2f60c6f1b1c89
- SSDEEP
  
  6144:wh7L8svVrHBDZFil1BG91hh6K9W9AgdtIDXvded89kTR:wpQsvRhDqGIK9W9AgdtIDXgaw
Score

10^/10

danabot smokeloader backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy