General

  • Target

    486c914e38ba0f6e213f57e43b64f4cfbfa8cca74d8a8f35b6ebaa301bf0eb37

  • Size

    214KB

  • Sample

    221219-akc4xsdh95

  • MD5

    207ba7ed25d453f62e66500679712ab1

  • SHA1

    715fd8e336e8c8d2250f48e8f2478e730b259402

  • SHA256

    486c914e38ba0f6e213f57e43b64f4cfbfa8cca74d8a8f35b6ebaa301bf0eb37

  • SHA512

    3b2c4c7e365f5f9ef5c575149572f4047f0f6f523e131b4250dc239b1a4141386ba879798b9e558cf18ef1ac46c2af59d5be1a85a95f4a9432014a481c9498aa

  • SSDEEP

    3072:2HIEriL+qKaRrIYQOFYWv7rS6cPbsNzz+lVQoaNRAtOba+xlac1gjcbImdzmuX:2zriL+qGY/h61TsNzKlVQP0M1gjcbXF

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
