Overview

overview

10

Static

static

dridex

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4c33f70d5002326a29fddebe2932d4c6c157d831412acfb04fc52b346f1b2eea

  • Size

    213KB

  • Sample

    221218-xhh9gsgc5z

  • MD5

    84e5a14c11d91acf6d9c91726a6142e2

  • SHA1

    67c2ab96656f25928a4cae13f004c34893c9f10e

  • SHA256

    4c33f70d5002326a29fddebe2932d4c6c157d831412acfb04fc52b346f1b2eea

  • SHA512

    3ea62501e5a4edb269d19b7107dce01d5c010e837eb9f1a290335f10ee9d258b8eb850cfaecc680802cf8ba89175218dda5de18c500710217d9375151f0e2d9e

  • SSDEEP

    3072:9poP9LtdOcQLRE+npq1nDdtWLnRoDb/vekNRAtOba+WejdjcbImdzmuX:Lo1LtkcNs01anefL0KxjcbXF

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443
Attributes
  • embedded_hash

    8F56CD73F6B5CD5D7B17B0BA61E70A82

  • type

    loader

Targets

    • Target

      4c33f70d5002326a29fddebe2932d4c6c157d831412acfb04fc52b346f1b2eea

    • Size

      213KB

    • MD5

      84e5a14c11d91acf6d9c91726a6142e2

    • SHA1

      67c2ab96656f25928a4cae13f004c34893c9f10e

    • SHA256

      4c33f70d5002326a29fddebe2932d4c6c157d831412acfb04fc52b346f1b2eea

    • SHA512

      3ea62501e5a4edb269d19b7107dce01d5c010e837eb9f1a290335f10ee9d258b8eb850cfaecc680802cf8ba89175218dda5de18c500710217d9375151f0e2d9e

    • SSDEEP

      3072:9poP9LtdOcQLRE+npq1nDdtWLnRoDb/vekNRAtOba+WejdjcbImdzmuX:Lo1LtkcNs01anefL0KxjcbXF

    Score
    10/10
    danabotsmokeloaderbackdoorbankertrojan

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks