danabot | da8a7eaccf860f610e4b48827ec1359017cb44774b62186eab0cf3f573542583 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

da8a7eaccf860f610e4b48827ec1359017cb44774b62186eab0cf3f573542583
Size

215KB
Sample

221218-3zvxhadh84
MD5

c3407fd05177d1d851d74a81cadeedbc
SHA1

cf6fd8e164ee312126a4244002fbb0afe757b656
SHA256

da8a7eaccf860f610e4b48827ec1359017cb44774b62186eab0cf3f573542583
SHA512

cb84f64a35b4ab4e0467ee121be32c86f7553af68f9d3bba343b98660fa47fdf9c7ec57aeae81398b51c3ea0266c975d453f1bf119475478c2e123951618f17d
SSDEEP

3072:/nLnLdLZbAbaRt8MneBgGp9yuTkAEM3bkix15bwBraNRAtOba+WO49yjcbImdzm:/7LdLZbAW8/JFIhMrTuO02bjcbXF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

da8a7eaccf860f610e4b48827ec1359017cb44774b62186eab0cf3f573542583.exe

Resource

win10-20220812-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  da8a7eaccf860f610e4b48827ec1359017cb44774b62186eab0cf3f573542583
- Size
  
  215KB
- MD5
  
  c3407fd05177d1d851d74a81cadeedbc
- SHA1
  
  cf6fd8e164ee312126a4244002fbb0afe757b656
- SHA256
  
  da8a7eaccf860f610e4b48827ec1359017cb44774b62186eab0cf3f573542583
- SHA512
  
  cb84f64a35b4ab4e0467ee121be32c86f7553af68f9d3bba343b98660fa47fdf9c7ec57aeae81398b51c3ea0266c975d453f1bf119475478c2e123951618f17d
- SSDEEP
  
  3072:/nLnLdLZbAbaRt8MneBgGp9yuTkAEM3bkix15bwBraNRAtOba+WO49yjcbImdzm:/7LdLZbAW8/JFIhMrTuO02bjcbXF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy