danabot | 90b8e3203a9bd4221ad483e4846ad0660da422a9c05a67cf30d589b5c661accb | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

90b8e3203a9bd4221ad483e4846ad0660da422a9c05a67cf30d589b5c661accb
Size

240KB
Sample

221212-txye6see9s
MD5

e9ed7ac7b9ce65910af7bb1a7f284c25
SHA1

72f26d8509a0d99790efb98d26abf39ca7664e93
SHA256

90b8e3203a9bd4221ad483e4846ad0660da422a9c05a67cf30d589b5c661accb
SHA512

2a1a409d2d5214580711f61f312412fea74bfafbef1359a3a70868c3f58b28d668585e776c340c65a3857c48ab827fd766014ed9b8d27293fd3b0ee7c55fbf01
SSDEEP

3072:iSlBLeoPdkmXYvr5WFiuG3OfOuneBJFQrDN1ohdBcf0EFtDRbR8pgX:HLrkmXYYMuG3URS01oyftFxcpgX

Score

10^/10

danabot smokeloader systembc backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

90b8e3203a9bd4221ad483e4846ad0660da422a9c05a67cf30d589b5c661accb.exe

Resource

win10-20220812-en

danabot smokeloader systembc backdoor banker trojan

windows10-1703-x64

24 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

- Target
  
  90b8e3203a9bd4221ad483e4846ad0660da422a9c05a67cf30d589b5c661accb
- Size
  
  240KB
- MD5
  
  e9ed7ac7b9ce65910af7bb1a7f284c25
- SHA1
  
  72f26d8509a0d99790efb98d26abf39ca7664e93
- SHA256
  
  90b8e3203a9bd4221ad483e4846ad0660da422a9c05a67cf30d589b5c661accb
- SHA512
  
  2a1a409d2d5214580711f61f312412fea74bfafbef1359a3a70868c3f58b28d668585e776c340c65a3857c48ab827fd766014ed9b8d27293fd3b0ee7c55fbf01
- SSDEEP
  
  3072:iSlBLeoPdkmXYvr5WFiuG3OfOuneBJFQrDN1ohdBcf0EFtDRbR8pgX:HLrkmXYYMuG3URS01oyftFxcpgX
Score

10^/10

danabot smokeloader systembc backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloadersystembcbackdoorbankertrojan

© 2018-2024

Terms | Privacy