General

  • Target

    be6d8fb079edde785e2c8aad62460ea5bef26bc82ea25eec043ccb8ebbbe37ec

  • Size

    213KB

  • Sample

    221218-a2b8ysab94

  • MD5

    a1c9a67736cb6a5f5cc8ef0d2cc18a77

  • SHA1

    eea448dd8ff1eda01c89a12719e9852e702f75f6

  • SHA256

    be6d8fb079edde785e2c8aad62460ea5bef26bc82ea25eec043ccb8ebbbe37ec

  • SHA512

    620370bd6b85f3dc745ef8185fbe65f504400a1f1151fe29128ba826f8896e215aace629c3e30f38fad29bbf83b133bb1275052867c7ac750d28d32993bb2ee5

  • SSDEEP

    3072:u81aRudfDLppHZwRqe1p9pn3ch5Z4A+zfN8/g3xoNu0WdPIpb3G3ERWR3Le:JARGbLpNw1LCcOg3CNTYQpbWU0V6

Malware Config

Extracted

Family

danabot

Attributes
  • embedded_hash

    8F56CD73F6B5CD5D7B17B0BA61E70A82

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL
