Extracted

• • Target

    a2bc5c94f2d768187205178c2d089bf21542c72ca3910d43d5fb796cf0aa08a2

  • Size

    214KB

  • MD5

    c05d11bf62a4af347ba8caca87eb6b7f

  • SHA1

    7c568736f6b62941305b436e803db675e5af1a96

  • SHA256

    a2bc5c94f2d768187205178c2d089bf21542c72ca3910d43d5fb796cf0aa08a2

  • SHA512

    d8ac0cb6c49a1292c65e9dc2da9e3b7d29d81409b6e4a105cfe650d4b504af244b7ef01432a9aba8c5cd1de0ea983122302b37d7e639727e72ebc589a31ee021

  • SSDEEP

    3072:HXUZPFLLQDB7vRwwVPvUTM6Ef81sV2Zx5fxSsa5RwuNRAtOba+4LtlPnZjcbImdl:3U5FLLkB2gFXgfxY5R30TPnZjcbXF

  Score

  10^/10

  danabotsmokeloaderbackdoorbankertrojan

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Detects Smokeloader packer

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1