General

  • Target

    file.exe

  • Size

    214KB

  • Sample

    221218-jnp3bsba49

  • MD5

    94ce7e3bc61e8f5825b3416dccd1c481

  • SHA1

    699b3330bbcdb08df4e5ee3c4e2343b33bb957bd

  • SHA256

    451ec0852088a55084102632e636204feef0989fabe57dc0cb602c4173dc48fa

  • SHA512

    1caf1d8d4ebdf2caafa092484d03653823c85e394531cea2e00937f5b38c75fe17b1ba86d810bdc6f95f0e5b0d8f6b21afdad260f278331e211095262649f8e9

  • SSDEEP

    6144:Lf25OL4bdsVV2jEjxrxwRGgg3CwVpU0VB:Lf2AUxsVVQEjxfvSwVqO

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes

  • embedded_hash

    8F56CD73F6B5CD5D7B17B0BA61E70A82

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks