General

  • Target

    4b104fabbea467e56782ba6073006e6a.exe

  • Size

    215KB

  • Sample

    221219-ldm64ahg3v

  • MD5

    4b104fabbea467e56782ba6073006e6a

  • SHA1

    ba3aa8f9547d05b01309d6ac3b2142dadcafa304

  • SHA256

    a2a1210cb259aef978fff5de2bd77447dde10fc62689e2fb1b422cebd24b3269

  • SHA512

    a95401ac891346df204f8284ead4ef4d1c46efd73fd4a7edefdd081d40bf338b83e82342e4cb23571a1a59aaca90dc7de41eb9046c697b97229d235102392dea

  • SSDEEP

    3072:lnC2vLlB8aRsE7eGAC3D1LmRdhDiLswS+qaNRAtOba+tcdtTYljcbImdzmuX:l/vLlBoApxsqd0qcjEljcbXF

Targets

    • Target

      4b104fabbea467e56782ba6073006e6a.exe

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
