danabot | b892b28b697e59e1b97c653a895db3bad17add00f51d0201539ab13161c17080 | Triage

Submit
Reports

Overview

overview

Static

static

b1d7ba149c...73.exe

windows7-x64

b1d7ba149c...73.exe

windows10-2004-x64

Sharing

General

Target

b1d7ba149c8bd3946513f5bd15cfa1ac3c1aedf9d6b58e05a68485a9343f9073
Size

142KB
Sample

221219-d9lddahb7y
MD5

3865cff2d60ee28b788f7934969e4d8a
SHA1

d8189910822b7226f35eb41451b63f23a4d19cc9
SHA256

b892b28b697e59e1b97c653a895db3bad17add00f51d0201539ab13161c17080
SHA512

ffcb77c107bdbd68b6735a2a8b4315840bee96a55a8a923b4b1310a7ea24090a3d289498f4103810b06e6f2390543a27ee84a980347d12ce074371f682b15110
SSDEEP

3072:Whoay6U/lWZ1R8R+FVU4rw8EjIJeccnOzPlUq9B1LuKuLO4W9j:WCaVmwDNFyz8EjIJec3zuqZpuLvW9

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

b1d7ba149c8bd3946513f5bd15cfa1ac3c1aedf9d6b58e05a68485a9343f9073.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

b1d7ba149c8bd3946513f5bd15cfa1ac3c1aedf9d6b58e05a68485a9343f9073.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  b1d7ba149c8bd3946513f5bd15cfa1ac3c1aedf9d6b58e05a68485a9343f9073
- Size
  
  214KB
- MD5
  
  68a7eecd08bda776b56e88838847855b
- SHA1
  
  8181ea7ba0bc72583e9708ac51c55d2d11ea8579
- SHA256
  
  b1d7ba149c8bd3946513f5bd15cfa1ac3c1aedf9d6b58e05a68485a9343f9073
- SHA512
  
  b25b2a00e2fcbf6da4d30f6406357329a1e596319069ba7187ad061a4ce0e0d647a56def5a40f0f4e6f1edc464242a38d46e185c2348aea682ca899136afa9ae
- SSDEEP
  
  3072:wfiX5QL8qNDhx5RsfeK6NyW85EdNRAtOba+BnBuRD4jcbImdzmuX:yiXiL86DhQeK6Edud0KBmsjcbXF
Score

10^/10

smokeloader backdoor trojan danabot banker
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy