danabot | 10c740c5223c231638ce0698e795f6dfe44fffe25b694a7005efd72e30fe1a21 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

10c740c5223c231638ce0698e795f6dfe44fffe25b694a7005efd72e30fe1a21
Size

306KB
Sample

221219-f1dchshc6z
MD5

f7ea58fd88a74d2ae69347cff426747b
SHA1

96de6d8700a1e8cf0cee0242799704f974ea94ee
SHA256

10c740c5223c231638ce0698e795f6dfe44fffe25b694a7005efd72e30fe1a21
SHA512

b7277938a9f425587e092a8d27065a429bca826d3a83409dbf0bbec6ae07ecbc8cdd1ad7c32ad8aeaf32277e41202662a64485a7e79b5c0ba8bb27ad74484727
SSDEEP

6144:5CfALtfX0FlgFP8QN5ASLsCVf0iPvzpQ6rFiaI:5xxfXUm8QNWSL3hxnzpQ6rF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

10c740c5223c231638ce0698e795f6dfe44fffe25b694a7005efd72e30fe1a21.exe

Resource

win10-20220901-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  10c740c5223c231638ce0698e795f6dfe44fffe25b694a7005efd72e30fe1a21
- Size
  
  306KB
- MD5
  
  f7ea58fd88a74d2ae69347cff426747b
- SHA1
  
  96de6d8700a1e8cf0cee0242799704f974ea94ee
- SHA256
  
  10c740c5223c231638ce0698e795f6dfe44fffe25b694a7005efd72e30fe1a21
- SHA512
  
  b7277938a9f425587e092a8d27065a429bca826d3a83409dbf0bbec6ae07ecbc8cdd1ad7c32ad8aeaf32277e41202662a64485a7e79b5c0ba8bb27ad74484727
- SSDEEP
  
  6144:5CfALtfX0FlgFP8QN5ASLsCVf0iPvzpQ6rFiaI:5xxfXUm8QNWSL3hxnzpQ6rF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy