danabot | 78284c9f117c387050311cd0a08d695ca8b1136b0db2f45397a04f1ac5a9a250 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

214KB
Sample

221218-s77k6afe5w
MD5

906d61684a9994d7e338ffbde12a77cc
SHA1

d4e08cd8096504aca9a01dfae631de580b3da365
SHA256

78284c9f117c387050311cd0a08d695ca8b1136b0db2f45397a04f1ac5a9a250
SHA512

2952dee399886f2b82463eb69eba02b30c29dab0efd1883b826cd2804497fd30b2536cea3cf8d2acb42065be6f3a47dcc567f38917bfdf9b754988f2bf4f9a06
SSDEEP

6144:UkJLPvkxjs9QVO/+ywvE+JHq8TjlVklPH:UkJjcNsuVO/CECflU

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes

embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
type
loader

Targets

- Target
  
  file.exe
- Size
  
  214KB
- MD5
  
  906d61684a9994d7e338ffbde12a77cc
- SHA1
  
  d4e08cd8096504aca9a01dfae631de580b3da365
- SHA256
  
  78284c9f117c387050311cd0a08d695ca8b1136b0db2f45397a04f1ac5a9a250
- SHA512
  
  2952dee399886f2b82463eb69eba02b30c29dab0efd1883b826cd2804497fd30b2536cea3cf8d2acb42065be6f3a47dcc567f38917bfdf9b754988f2bf4f9a06
- SSDEEP
  
  6144:UkJLPvkxjs9QVO/+ywvE+JHq8TjlVklPH:UkJjcNsuVO/CECflU
Score

10^/10

smokeloader backdoor trojan danabot banker
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy