danabot | 489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55
Size

307KB
Sample

221219-fycyzaec65
MD5

ddf6f2c3455fb5f4738536262dd38afe
SHA1

f800d1f0f3b4de746a0663a13a4c8846b041404e
SHA256

489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55
SHA512

21ffe2954f3c2e42f4400dd3619c9632a8800812c8b9450c5594568ade56e3490b20f4aa0a8684bc53578daa637e7b42055c0771ff20d34e11b91e143899870a
SSDEEP

6144:Bl5ULz/YGW19tz8bG5geqDGO1oK/Fn77jcJ0iPvzpQ6rFiaI:BY3/YGk9mbG54DG4ocFnixnzpQ6rF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55
- Size
  
  307KB
- MD5
  
  ddf6f2c3455fb5f4738536262dd38afe
- SHA1
  
  f800d1f0f3b4de746a0663a13a4c8846b041404e
- SHA256
  
  489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55
- SHA512
  
  21ffe2954f3c2e42f4400dd3619c9632a8800812c8b9450c5594568ade56e3490b20f4aa0a8684bc53578daa637e7b42055c0771ff20d34e11b91e143899870a
- SSDEEP
  
  6144:Bl5ULz/YGW19tz8bG5geqDGO1oK/Fn77jcJ0iPvzpQ6rFiaI:BY3/YGk9mbG54DG4ocFnixnzpQ6rF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy