danabot | e2f469b9cea009d8cd506b832478573a19d85511e6b39986e8c35ae166974d3e | Triage

Submit
Reports

Overview

overview

Static

static

cc34204494...e6.exe

windows7-x64

cc34204494...e6.exe

windows10-2004-x64

Sharing

General

Target

cc34204494d316e46e26cd28b13d6a7ac540f7d0b6058c026e37fc83ec55aee6
Size

141KB
Sample

221219-eg92pseb83
MD5

3a2d1defe79dca79baf546909a2703c9
SHA1

b6c60f7ba9e290f373423cdbd2238ce4f00f6930
SHA256

e2f469b9cea009d8cd506b832478573a19d85511e6b39986e8c35ae166974d3e
SHA512

81df6d4e5e95bcb27baf2d5a0ee4fd45001e3e6f7ee0586631fbd9727fbbfc1da64a57512f43fbcb94c36c14d64bde55a00ecec4ce865ff12676e066c0aac117
SSDEEP

3072:HMw+yRsZagmOtKb5a/LxgcUeh0Pk5y3PdAuQSC1ixT:sfSYk5Ydg80PuUPKYT

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

cc34204494d316e46e26cd28b13d6a7ac540f7d0b6058c026e37fc83ec55aee6.exe

Resource

win7-20220901-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

cc34204494d316e46e26cd28b13d6a7ac540f7d0b6058c026e37fc83ec55aee6.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  cc34204494d316e46e26cd28b13d6a7ac540f7d0b6058c026e37fc83ec55aee6
- Size
  
  214KB
- MD5
  
  251a41fc5e568b24574e7a0649679240
- SHA1
  
  5f0ce9ee0c94d5e0d0c64ac435f4a1f6241ed2a1
- SHA256
  
  cc34204494d316e46e26cd28b13d6a7ac540f7d0b6058c026e37fc83ec55aee6
- SHA512
  
  60c8feca298910e7606a3b3b4364423f5585f9a4b8f454dab92a23b06d2118d6eef34cbafbb14b2fa3e08f8c92f8ff7cb43f8f60b320e7bc6212ae2aef66f89a
- SSDEEP
  
  6144:Q9MLzWvtOIx+kkS169CKxPgnYypx+hH0MjlVklPH:Q9MvWv8IEkFwfPgvXuJlU
Score

10^/10

smokeloader backdoor trojan danabot banker
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy