danabot | ac3cbbc36a7a5c9f551aca322dc0e19578d12a9bca3346cc5ff298e811f1b0f3 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

ac3cbbc36a7a5c9f551aca322dc0e19578d12a9bca3346cc5ff298e811f1b0f3
Size

214KB
Sample

221218-wbyvxsda93
MD5

dbac1e546c31e01df2df4b2ebee2f2b5
SHA1

f7837f0e02f5c0e7f3dd5ad86ee9946e1a6c81d1
SHA256

ac3cbbc36a7a5c9f551aca322dc0e19578d12a9bca3346cc5ff298e811f1b0f3
SHA512

59772e87a7b596dda7afb9895fa00c5eaaacc423c8260f6c9bbca1b5218cc48424e12fb6c2d810252fbad8a8217b9d642c99dcb1d43c15d3a5228cd3cf9054e7
SSDEEP

3072:WwUBO36L+Zj21WClRB4cRO0BZyGiyctNRAtOba+3QnBtjcbImdzmuX:nUBNL+x21j9xRO0BZ/ct03BtjcbXF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

ac3cbbc36a7a5c9f551aca322dc0e19578d12a9bca3346cc5ff298e811f1b0f3.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes

embedded_hash
8F56CD73F6B5CD5D7B17B0BA61E70A82
type
loader

Targets

- Target
  
  ac3cbbc36a7a5c9f551aca322dc0e19578d12a9bca3346cc5ff298e811f1b0f3
- Size
  
  214KB
- MD5
  
  dbac1e546c31e01df2df4b2ebee2f2b5
- SHA1
  
  f7837f0e02f5c0e7f3dd5ad86ee9946e1a6c81d1
- SHA256
  
  ac3cbbc36a7a5c9f551aca322dc0e19578d12a9bca3346cc5ff298e811f1b0f3
- SHA512
  
  59772e87a7b596dda7afb9895fa00c5eaaacc423c8260f6c9bbca1b5218cc48424e12fb6c2d810252fbad8a8217b9d642c99dcb1d43c15d3a5228cd3cf9054e7
- SSDEEP
  
  3072:WwUBO36L+Zj21WClRB4cRO0BZyGiyctNRAtOba+3QnBtjcbImdzmuX:nUBNL+x21j9xRO0BZ/ct03BtjcbXF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy