danabot | c31c03e3c2e9ec95d2e80453222278603735971083824ce59ae7e8f2850dc6eb | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

c31c03e3c2e9ec95d2e80453222278603735971083824ce59ae7e8f2850dc6eb
Size

307KB
Sample

221219-kamkqahf2t
MD5

1ac28017236cafb30ae46b8cfcdd3aff
SHA1

aa0ecc6413d85ed7211628f45f741cfa1f338af5
SHA256

c31c03e3c2e9ec95d2e80453222278603735971083824ce59ae7e8f2850dc6eb
SHA512

a691763218b3b385272398e53ef301328ca78ea895840aca1d46fd85273701a00110ebb153c3c99253c5c179c4383053d4d7e5a89ec9d4926aca73d0b96962ff
SSDEEP

6144:n+65LwOzcNUnWPx0KD5tMIHPmC7AEXQ8/0iPvzpQ6rFiaI:nF7zcNUnWGKDLMIvnnf/xnzpQ6rF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

c31c03e3c2e9ec95d2e80453222278603735971083824ce59ae7e8f2850dc6eb.exe

Resource

win10-20220901-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  c31c03e3c2e9ec95d2e80453222278603735971083824ce59ae7e8f2850dc6eb
- Size
  
  307KB
- MD5
  
  1ac28017236cafb30ae46b8cfcdd3aff
- SHA1
  
  aa0ecc6413d85ed7211628f45f741cfa1f338af5
- SHA256
  
  c31c03e3c2e9ec95d2e80453222278603735971083824ce59ae7e8f2850dc6eb
- SHA512
  
  a691763218b3b385272398e53ef301328ca78ea895840aca1d46fd85273701a00110ebb153c3c99253c5c179c4383053d4d7e5a89ec9d4926aca73d0b96962ff
- SSDEEP
  
  6144:n+65LwOzcNUnWPx0KD5tMIHPmC7AEXQ8/0iPvzpQ6rFiaI:nF7zcNUnWGKDLMIvnnf/xnzpQ6rF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy