danabot | a326ea034a7c1e3e5c9db7c0bf8481d18cecfdcaf1e8e8155c0b6ceb1dd574c0 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

a326ea034a7c1e3e5c9db7c0bf8481d18cecfdcaf1e8e8155c0b6ceb1dd574c0
Size

305KB
Sample

221219-ht48rshd9w
MD5

38534d532efd591c8e8ac97eca8d0571
SHA1

732865d75c66eb16492b3efc24dd650079744b60
SHA256

a326ea034a7c1e3e5c9db7c0bf8481d18cecfdcaf1e8e8155c0b6ceb1dd574c0
SHA512

6d2a384dfe6efa8dea22370f1564a3589536fdf90a9de6ea99828d3137af064de51a9ee8113becc3327203e2f5f265a8bcf27a7f9171bcb3c68e98db84293c6a
SSDEEP

6144:Zv8ILSYLFj8iAkseICh2oC0XDxO0iPvzpQ6rFiaI:Z/fLFgku+2oVxOxnzpQ6rF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

a326ea034a7c1e3e5c9db7c0bf8481d18cecfdcaf1e8e8155c0b6ceb1dd574c0.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  a326ea034a7c1e3e5c9db7c0bf8481d18cecfdcaf1e8e8155c0b6ceb1dd574c0
- Size
  
  305KB
- MD5
  
  38534d532efd591c8e8ac97eca8d0571
- SHA1
  
  732865d75c66eb16492b3efc24dd650079744b60
- SHA256
  
  a326ea034a7c1e3e5c9db7c0bf8481d18cecfdcaf1e8e8155c0b6ceb1dd574c0
- SHA512
  
  6d2a384dfe6efa8dea22370f1564a3589536fdf90a9de6ea99828d3137af064de51a9ee8113becc3327203e2f5f265a8bcf27a7f9171bcb3c68e98db84293c6a
- SSDEEP
  
  6144:Zv8ILSYLFj8iAkseICh2oC0XDxO0iPvzpQ6rFiaI:Z/fLFgku+2oVxOxnzpQ6rF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy