General

  • Target

    3cefa3c1edd161d27545ffef750c266575bf4df100b5b3652f962f082da9b93b

  • Size

    213KB

  • Sample

    221218-zeq62adg22

  • MD5

    3e23f49eff3b4d6053df76fc0376b927

  • SHA1

    ed5990226d937c0700b8ada712e5d2b2896f04d9

  • SHA256

    3cefa3c1edd161d27545ffef750c266575bf4df100b5b3652f962f082da9b93b

  • SHA512

    9fd7fc065f55ff8538eae5886008e0fc53daf3abfe75fd30b6c97c48e939677d9a39d150953c5bf4727c0929d0d13bdb773ad9b071cb404b7186b1aa7dab9755

  • SSDEEP

    3072:n7u3rHzLeqoGWgR3/0OSEX6JJa3lIIVNRAtOba+De2tVjcbImdzmuX:7u3vLeFG7jX6Da190GTjcbXF

Malware Config

Extracted

Family

danabot

C2

23.236.181.126:443

123.253.35.251:443

66.85.173.3:443

Attributes
  • embedded_hash

    8F56CD73F6B5CD5D7B17B0BA61E70A82

  • type

    loader

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL
