danabot | 8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820
Size

215KB
Sample

221219-e5majshc3w
MD5

3b17f10ec44f19f0e4e05fb5c3d5fb20
SHA1

9afeff022ddd92b6dac4017dcc272a1497820105
SHA256

8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820
SHA512

bd4eb7e6ca93544df0f75a18530292aaed0e02e2e42bfe0961d5e8f1a9bcbf5404e6f5799bec59cb33dd84a5b827195cc7fc961df07ca0632b18783e20955d15
SSDEEP

3072:JekQL87GOaRWHf7ucni1rKjsECwfMIawaNRAtOba+lhgjcbImdzmuX:JLQL8GoHTuc8e7CR/30agjcbXF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820
- Size
  
  215KB
- MD5
  
  3b17f10ec44f19f0e4e05fb5c3d5fb20
- SHA1
  
  9afeff022ddd92b6dac4017dcc272a1497820105
- SHA256
  
  8a2d5eb9812c117d72f8192ab9709a20e392bf3527671026b79594db7c0a6820
- SHA512
  
  bd4eb7e6ca93544df0f75a18530292aaed0e02e2e42bfe0961d5e8f1a9bcbf5404e6f5799bec59cb33dd84a5b827195cc7fc961df07ca0632b18783e20955d15
- SSDEEP
  
  3072:JekQL87GOaRWHf7ucni1rKjsECwfMIawaNRAtOba+lhgjcbImdzmuX:JLQL8GoHTuc8e7CR/30agjcbXF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy