danabot | 1fb7dd7192b8a4eb7deaccf37ea4cc8ddef62784cce137fd4e5445800e2d6875 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

1fb7dd7192b8a4eb7deaccf37ea4cc8ddef62784cce137fd4e5445800e2d6875
Size

305KB
Sample

221219-j649zahe9w
MD5

7e2587f9abd6549a88072d135730580a
SHA1

3035343a78141807b53c016387cbc1518da1dabf
SHA256

1fb7dd7192b8a4eb7deaccf37ea4cc8ddef62784cce137fd4e5445800e2d6875
SHA512

7d7fbe4a9b9b4c290b1a756fb0e076a2b8752b074e0845c86970526136ccb23c8691575ea52f06a0199fb8ae261432f9ea075b34fa55b52107e2db25cd0b7d46
SSDEEP

6144:TRgeL+GHqAVQujE9DkhkNokN0iPvzpQ6rFiaI:THSGHqA2uw28xnzpQ6rF

Score

10^/10

danabot smokeloader backdoor banker discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

1fb7dd7192b8a4eb7deaccf37ea4cc8ddef62784cce137fd4e5445800e2d6875.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery persistence trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  1fb7dd7192b8a4eb7deaccf37ea4cc8ddef62784cce137fd4e5445800e2d6875
- Size
  
  305KB
- MD5
  
  7e2587f9abd6549a88072d135730580a
- SHA1
  
  3035343a78141807b53c016387cbc1518da1dabf
- SHA256
  
  1fb7dd7192b8a4eb7deaccf37ea4cc8ddef62784cce137fd4e5445800e2d6875
- SHA512
  
  7d7fbe4a9b9b4c290b1a756fb0e076a2b8752b074e0845c86970526136ccb23c8691575ea52f06a0199fb8ae261432f9ea075b34fa55b52107e2db25cd0b7d46
- SSDEEP
  
  6144:TRgeL+GHqAVQujE9DkhkNokN0iPvzpQ6rFiaI:THSGHqA2uw28xnzpQ6rF
Score

10^/10

danabot smokeloader backdoor banker discovery persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy