General

  • Target

    49cd5a76f729bd108540638bb514d565994b7cde40531fcb4589db4dfbfbac6d

  • Size

    215KB

  • Sample

    221217-ns69magf27

  • MD5

    d7565b2f6cc0e59356e55a4bf69ce32e

  • SHA1

    327292dbdf7999673059547cc6c9b3c248e13807

  • SHA256

    49cd5a76f729bd108540638bb514d565994b7cde40531fcb4589db4dfbfbac6d

  • SHA512

    2c754827389dc52eff7103b37e34eb8f67060731f98531f69b1214ba2fbad49c16c780ccedb0a2162c0ea03b6c1a81240c107752c1ce4ccff3003be36f6e531a

  • SSDEEP

    3072:WCjFWEL33IRZDmGDqhGrMgsmBTWxXM7XI9I5iTY8/g3xoXX1UG3ERWR3L+:tj4EL3WDmqBTWSX958dg3CXX1FU0VC

Malware Config

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks