General

  • Target

    98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b

  • Size

    141KB

  • Sample

    221219-fdcsgaec39

  • MD5

    a80265c187682d9a3aea6ff8696f4f0b

  • SHA1

    fc6b7705a83585d1c5ccc15d2b4b6791420acdf9

  • SHA256

    b56d895e509b1a168ab8c9f1d9ee886eff9b3fcdc7b066559fb44a3f98a6ac33

  • SHA512

    400191e92e1bacb6ddc57e5c0bde21b816ea9f03d70a0c189ccf601b24bdbc3dd56d1b57075c7898ac28f3fd716b434c628855b40a7fc5f47b794d8611c1cc69

  • SSDEEP

    3072:rExjylea+LO2j/SUkM12B2vYZlRJj8itssjMQHY1/8GFUV98:ajcea+LO2wZNzjYe4

Malware Config

Targets

    • Target

      98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b

    • Size

      213KB

    • MD5

      08ae7a1aa9f217f506a489468d0b7fd2

    • SHA1

      537c5ce4a56125d0cba972f10107c7907b1f29d9

    • SHA256

      98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b

    • SHA512

      e63619b07be2ce94143663095187cfcc5921e8148e527380fa96df08d746ba45f09f1b75b92f7f0b8de8b2f42b9fe4767794cf944687eed37e2a81a7234a3548

    • SSDEEP

      3072:EZgY11L5BBckRzOiMfWZ+QVfSjHs3GR6HSj9dPZg3uyuP+HOil3lk025PH:/EL7qkbZTSw3Yl56+OjlVklPH

    • Danabot

      Danabot is a modular banking trojan; it is commonly distributed by, or alongside, other malware families (here it appears together with SmokeLoader).

    • Detects SmokeLoader packer

    • SmokeLoader

      Modular loader/backdoor trojan in circulation since at least 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext (an API commonly abused for process hollowing and other thread-hijacking injection)
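The report lists two distinct files, the submitted file (141KB) under General and the analysed target (213KB) under Targets, each with MD5, SHA1, SHA256 and SHA512. The following is an added example, not part of the report or of any tool the page describes, that turns those listed digests into an offline indicator check: it hashes files with all four algorithms in one pass and reports whether a file matches an entry fully, or only on some digests (which would point at a typo in the indicator set rather than a real sibling file). The labels and the `scan_directory` helper are assumptions made for the example; the digests are copied from the report. SSDEEP fuzzy matching is deliberately left out because it needs a non-standard library.

```python
import hashlib
import os
from typing import Dict, Iterable, List, Optional, Tuple

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Digests copied from the report above. The labels are ours (assumed), the
# hex values are the report's.
REPORTED_IOCS: List[Dict[str, str]] = [
    {
        "label": "submitted file (141KB)",
        "md5": "a80265c187682d9a3aea6ff8696f4f0b",
        "sha1": "fc6b7705a83585d1c5ccc15d2b4b6791420acdf9",
        "sha256": "b56d895e509b1a168ab8c9f1d9ee886eff9b3fcdc7b066559fb44a3f98a6ac33",
        "sha512": "400191e92e1bacb6ddc57e5c0bde21b816ea9f03d70a0c189ccf601b24bdbc3d"
                  "d56d1b57075c7898ac28f3fd716b434c628855b40a7fc5f47b794d8611c1cc69",
    },
    {
        "label": "analysed target (213KB)",
        "md5": "08ae7a1aa9f217f506a489468d0b7fd2",
        "sha1": "537c5ce4a56125d0cba972f10107c7907b1f29d9",
        "sha256": "98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b",
        "sha512": "e63619b07be2ce94143663095187cfcc5921e8148e527380fa96df08d746ba45"
                  "f09f1b75b92f7f0b8de8b2f42b9fe4767794cf944687eed37e2a81a7234a3548",
    },
]


def digest_stream(chunks: Iterable[bytes], algorithms=ALGORITHMS) -> Dict[str, str]:
    """Feed every chunk to all hashers once, so a large file is read a single time."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in chunks:
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return digest_stream([data])


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def match_iocs(digests: Dict[str, str],
               iocs: List[Dict[str, str]] = REPORTED_IOCS
               ) -> Optional[Tuple[str, str, List[str]]]:
    """Return (label, "full"|"partial", matched_algorithms) or None.

    A "partial" result means some digests of an indicator matched and others
    did not. Since all four algorithms were computed over the same bytes, that
    is almost always a mis-transcribed indicator, not a collision.
    """
    for entry in iocs:
        hits = sorted(a for a in ALGORITHMS
                      if a in entry and digests.get(a) == entry[a].lower())
        if hits:
            present = sorted(a for a in ALGORITHMS if a in entry)
            status = "full" if hits == present else "partial"
            return entry["label"], status, hits
    return None


def scan_directory(root: str) -> Dict[str, Tuple[str, str, List[str]]]:
    """Hash every regular file under root and return the ones that match an IOC."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                result = match_iocs(digest_file(path))
            except OSError:
                continue  # unreadable or vanished file; skip rather than abort the scan
            if result:
                findings[path] = result
    return findings


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, (label, status, algos) in scan_directory(target).items():
        print(f"{path}: {label} [{status} match on {', '.join(algos)}]")
```

Run it against a quarantine or download directory; a "full" hit on the 213KB entry is the payload itself, a hit on the 141KB entry is the file as it was submitted to the sandbox, and a "partial" hit should send you back to the indicator list before you raise an alert.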

MITRE ATT&CK Enterprise v6

Tasks