danabot | 7cb730ff9cc0d98eb54dfeadca673e722e6234ca274950fe530e26a9324b270e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

7cb730ff9cc0d98eb54dfeadca673e722e6234ca274950fe530e26a9324b270e
Size

215KB
Sample

221218-2d281sgh2x
MD5

efdffe31016f54cbc72a8b17503bc7dc
SHA1

5259431d6043506c31a1c15c2de50d0f0ec6444f
SHA256

7cb730ff9cc0d98eb54dfeadca673e722e6234ca274950fe530e26a9324b270e
SHA512

da538d14bd416626220f73cbbc33d025b91b5904089f52eb02caf5caa308896ef31b1f8d1e7eb127108026c5584e05abfbef91d65b1898173f085700cd6b2ddf
SSDEEP

3072:WBTMKLdpMpNaRyyhewP0YfUNX61SuSdaNRAtOba+/zdn+hjcbImdzmuX:WKKLDMpfUfW61480Mdn+hjcbXF

Score

10^/10

danabot smokeloader backdoor banker discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

7cb730ff9cc0d98eb54dfeadca673e722e6234ca274950fe530e26a9324b270e.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery persistence trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  7cb730ff9cc0d98eb54dfeadca673e722e6234ca274950fe530e26a9324b270e
- Size
  
  215KB
- MD5
  
  efdffe31016f54cbc72a8b17503bc7dc
- SHA1
  
  5259431d6043506c31a1c15c2de50d0f0ec6444f
- SHA256
  
  7cb730ff9cc0d98eb54dfeadca673e722e6234ca274950fe530e26a9324b270e
- SHA512
  
  da538d14bd416626220f73cbbc33d025b91b5904089f52eb02caf5caa308896ef31b1f8d1e7eb127108026c5584e05abfbef91d65b1898173f085700cd6b2ddf
- SSDEEP
  
  3072:WBTMKLdpMpNaRyyhewP0YfUNX61SuSdaNRAtOba+/zdn+hjcbImdzmuX:WKKLDMpfUfW61480Mdn+hjcbXF
Score

10^/10

danabot smokeloader backdoor banker discovery persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy