General

  • Target

    file.exe

  • Size

    213KB

  • Sample

    221218-nr99wsef4v

  • MD5

    9117f212a2f57705e901670a1fad6a8d

  • SHA1

    2415e5e4d485eeb626e9e520b73a3e12a2b77a29

  • SHA256

    60165a40c8576386d542470be7d9615842681dccc012b51ec002dbef2c384eae

  • SHA512

    29420a361bc9391277b3b9cd869639cb5738aad871208517540dac5cfd7a8096d9d9dbea44deb0cb3cbb8cbd20e794576d4dc2b58917d26473f675f68799d0f9

  • SSDEEP

    6144:QzjKLh8dSeFpG1TTmZRU5M+vDr+jlVklPH:Qz+dapiTw+GVlU

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes

  • embedded_hash

    743A0AAD5385ACE6E70A468262E93885

  • type

    loader

Targets

    • Target

      file.exe

    • Size

      213KB

    • MD5

      9117f212a2f57705e901670a1fad6a8d

    • SHA1

      2415e5e4d485eeb626e9e520b73a3e12a2b77a29

    • SHA256

      60165a40c8576386d542470be7d9615842681dccc012b51ec002dbef2c384eae

    • SHA512

      29420a361bc9391277b3b9cd869639cb5738aad871208517540dac5cfd7a8096d9d9dbea44deb0cb3cbb8cbd20e794576d4dc2b58917d26473f675f68799d0f9

    • SSDEEP

      6144:QzjKLh8dSeFpG1TTmZRU5M+vDr+jlVklPH:Qz+dapiTw+GVlU

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks