danabot | 5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d
Size

307KB
Sample

221219-mfcc2shh2v
MD5

004929ff3e100389624575332e1bf031
SHA1

8a081920bdb38fdc34a31fc5654af1cea7b44e20
SHA256

5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d
SHA512

0ddb2aab9812e4e239b8cd60c2a50546c7881eff9441e8b194e42a4900ad10f29ed77e3b2d007d1af65397659f85d3e353e30b0f19d4e7ed1e1aa388b6509876
SSDEEP

6144:gr4dDL4UsLn4jrRtKzE6KA2/YML3FZ0iPvzpQ6rFiaI:g6sUsyuEYs3XxnzpQ6rF

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d
- Size
  
  307KB
- MD5
  
  004929ff3e100389624575332e1bf031
- SHA1
  
  8a081920bdb38fdc34a31fc5654af1cea7b44e20
- SHA256
  
  5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d
- SHA512
  
  0ddb2aab9812e4e239b8cd60c2a50546c7881eff9441e8b194e42a4900ad10f29ed77e3b2d007d1af65397659f85d3e353e30b0f19d4e7ed1e1aa388b6509876
- SSDEEP
  
  6144:gr4dDL4UsLn4jrRtKzE6KA2/YML3FZ0iPvzpQ6rFiaI:g6sUsyuEYs3XxnzpQ6rF
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy