General

  • Target

    5358987e29bbc904b8a14e89db649725e8fd97c2b2b369a30a3a3843357c76bf

  • Size

    215KB

  • Sample

    221218-1h8qxsgg4s

  • MD5

    8b0f52e9c1e77d9a28a42c37b9e0f85e

  • SHA1

    2366e4199e5337a4372d70ad61e9b0b5b4ebcbd3

  • SHA256

    5358987e29bbc904b8a14e89db649725e8fd97c2b2b369a30a3a3843357c76bf

  • SHA512

    d683fb13efc93431a81ea9f98a37d95471df12bc10f5c7db66f9a309613a16e7c6c062bea473363c8e4fc3f67bd0508e51077be326926f265d9cb5c800b331c3

  • SSDEEP

    3072:MhlgLV5saR9MAmVtSBS40za9JIOJXKaNRAtOba+OljcbImdzmuX:M3gLV5KAmVt5gnJX90/ljcbXF

Malware Config

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
