danabot | d1ed125eb1775546c75daf8cbeb11f75d02f16f3ce7eaefa649529bce043ed3f | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

d1ed125eb1775546c75daf8cbeb11f75d02f16f3ce7eaefa649529bce043ed3f
Size

215KB
Sample

221218-1k92rsdg73
MD5

3614cd25b19543f02ba2e54cffcc733d
SHA1

4f0eeab3966e7c733c164d801f24659b39051c7f
SHA256

d1ed125eb1775546c75daf8cbeb11f75d02f16f3ce7eaefa649529bce043ed3f
SHA512

d5c4ac0a74c5759c687059efb40f0ada7e7429f0fe6ae82d754b38a8d8063344f4bbfd190da806e6272e664dd401d6f7fdac562d232436ae92c33174c9e172f0
SSDEEP

3072:9hxpqLrgLaRl8fv+sr8P+oG4Ta1B0jJI8bFKVaaNRAtOba+VPCsjcbImdzmuX:9PpqLrgcSojO1OsVN0OvjcbXF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

d1ed125eb1775546c75daf8cbeb11f75d02f16f3ce7eaefa649529bce043ed3f.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  d1ed125eb1775546c75daf8cbeb11f75d02f16f3ce7eaefa649529bce043ed3f
- Size
  
  215KB
- MD5
  
  3614cd25b19543f02ba2e54cffcc733d
- SHA1
  
  4f0eeab3966e7c733c164d801f24659b39051c7f
- SHA256
  
  d1ed125eb1775546c75daf8cbeb11f75d02f16f3ce7eaefa649529bce043ed3f
- SHA512
  
  d5c4ac0a74c5759c687059efb40f0ada7e7429f0fe6ae82d754b38a8d8063344f4bbfd190da806e6272e664dd401d6f7fdac562d232436ae92c33174c9e172f0
- SSDEEP
  
  3072:9hxpqLrgLaRl8fv+sr8P+oG4Ta1B0jJI8bFKVaaNRAtOba+VPCsjcbImdzmuX:9PpqLrgcSojO1OsVN0OvjcbXF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy