danabot | bee279ffc033646b7df7ada79b8b3012404c2ce37c5944ceb95c064f523d3f55 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

bee279ffc033646b7df7ada79b8b3012404c2ce37c5944ceb95c064f523d3f55
Size

307KB
Sample

221219-k8ww2shf9s
MD5

020a318f5515faf139b30412dde8760c
SHA1

ff709428ba6245657c273b582b214b105fbbe345
SHA256

bee279ffc033646b7df7ada79b8b3012404c2ce37c5944ceb95c064f523d3f55
SHA512

64a61875f151e82ba09cdcb06094da07dbb9386fd547051c1a94de27a3bb4deb75fa31741bc79588aa0c712175ecadbe6abe0fb64cf47a3fa09e327ca7196ea7
SSDEEP

6144:iyG/L3JIs2uzkXJZq9LTEXA0iPvzpQ6rFiaI:iHTJIbMkC9TaAxnzpQ6rF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

bee279ffc033646b7df7ada79b8b3012404c2ce37c5944ceb95c064f523d3f55.exe

Resource

win10-20220812-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  bee279ffc033646b7df7ada79b8b3012404c2ce37c5944ceb95c064f523d3f55
- Size
  
  307KB
- MD5
  
  020a318f5515faf139b30412dde8760c
- SHA1
  
  ff709428ba6245657c273b582b214b105fbbe345
- SHA256
  
  bee279ffc033646b7df7ada79b8b3012404c2ce37c5944ceb95c064f523d3f55
- SHA512
  
  64a61875f151e82ba09cdcb06094da07dbb9386fd547051c1a94de27a3bb4deb75fa31741bc79588aa0c712175ecadbe6abe0fb64cf47a3fa09e327ca7196ea7
- SSDEEP
  
  6144:iyG/L3JIs2uzkXJZq9LTEXA0iPvzpQ6rFiaI:iHTJIbMkC9TaAxnzpQ6rF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy