General

  • Target

    be102c956532ace6f47db2cb6ecda04e16e075789ab901c0352405b517c57f2a

  • Size

    215KB

  • Sample

    221219-egkrtaeb82

  • MD5

    576dce20db5acd0597a24264bee12bf4

  • SHA1

    681fd5e94767cab6959e62329fb2aa30859e4890

  • SHA256

    be102c956532ace6f47db2cb6ecda04e16e075789ab901c0352405b517c57f2a

  • SHA512

    704183bb1541b396c1384bb7bea4248ffe9fdb966bd7a08d91af03d22ee395c93269ebf3f4b85855529929f324f50e6bc61aa4882a830f9fb0dcddc2bb6824cb

  • SSDEEP

    6144:KGSLyLSX6J5RKeJAo/hULP0q3QCjcbXF:KGS+GX6QeJAsC02QCYbXF

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
