General

  • Target: 98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b

  • Size: 141KB

  • Sample: 221219-hb1gvsed38

  • MD5: 644555e1f4707f54c32ab6f3fe43fefa

  • SHA1: 3c264b6f2418017e1496b6fffef9066e7f97cfdc

  • SHA256: 71754190eea4f1a5e4b54e36172fa373bb71b5e000c76872c50b47838915421b

  • SHA512: 92bd74ab07849188e32cee4feaa528204f4d0e45377c8fe0b03e34327cf0570eb60b3d2d09d088f352cafa31518d33068f65e99b14afe8e7eac9c68c8bd8546b

  • SSDEEP: 3072:wExjylea+LO2j/SUkM12B2vYZlRJj8itssjMQHY1/8GFUV9P:Djcea+LO2wZNzjYeD

Malware Config

Targets

    • Target: 98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b

    • Size: 213KB

    • MD5: 08ae7a1aa9f217f506a489468d0b7fd2

    • SHA1: 537c5ce4a56125d0cba972f10107c7907b1f29d9

    • SHA256: 98dcf623473af9d9d203d2bd12766bb4432864f2de05cf1c95f751dec8f9f46b

    • SHA512: e63619b07be2ce94143663095187cfcc5921e8148e527380fa96df08d746ba45f09f1b75b92f7f0b8de8b2f42b9fe4767794cf944687eed37e2a81a7234a3548

    • SSDEEP: 3072:EZgY11L5BBckRzOiMfWZ+QVfSjHs3GR6HSj9dPZg3uyuP+HOil3lk025PH:/EL7qkbZTSw3Yl56+OjlVklPH

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6