danabot | 554f8178fde6f28d1b4d924bf3d5a1385265be6c45cd3b54ed000c6d04ed2940 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

554f8178fde6f28d1b4d924bf3d5a1385265be6c45cd3b54ed000c6d04ed2940
Size

214KB
Sample

221218-r45rqacd69
MD5

9e19a1bbe97ae7591504a361a540c2e7
SHA1

4006adb77aa693e9739909ddbd7d7ad082c935e7
SHA256

554f8178fde6f28d1b4d924bf3d5a1385265be6c45cd3b54ed000c6d04ed2940
SHA512

a526897f9a98abf1d2c9c40ba45a801577452f9c918fd463e840adbf502bff9ca33e7766fc6a233571ae897cd3686bd7303b6a06fda7cb3364f5ed992dde4c3d
SSDEEP

3072:IfOs2LR24RefSQ9o6EgkNOaXFQ5Zthoq2I1g3uRlbTwHOil3lk025PH:m+Lo9B7EgAVWoSu+fwjlVklPH

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

554f8178fde6f28d1b4d924bf3d5a1385265be6c45cd3b54ed000c6d04ed2940.exe

Resource

win10-20220812-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes

embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
type
loader

Targets

- Target
  
  554f8178fde6f28d1b4d924bf3d5a1385265be6c45cd3b54ed000c6d04ed2940
- Size
  
  214KB
- MD5
  
  9e19a1bbe97ae7591504a361a540c2e7
- SHA1
  
  4006adb77aa693e9739909ddbd7d7ad082c935e7
- SHA256
  
  554f8178fde6f28d1b4d924bf3d5a1385265be6c45cd3b54ed000c6d04ed2940
- SHA512
  
  a526897f9a98abf1d2c9c40ba45a801577452f9c918fd463e840adbf502bff9ca33e7766fc6a233571ae897cd3686bd7303b6a06fda7cb3364f5ed992dde4c3d
- SSDEEP
  
  3072:IfOs2LR24RefSQ9o6EgkNOaXFQ5Zthoq2I1g3uRlbTwHOil3lk025PH:m+Lo9B7EgAVWoSu+fwjlVklPH
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy