danabot | 2b61e88384cfc2638764efece0ea12eb0c3384f1c04bbbbdc2cd81cd037e9407 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

2b61e88384cfc2638764efece0ea12eb0c3384f1c04bbbbdc2cd81cd037e9407
Size

310KB
Sample

221219-p3laksaa7z
MD5

7c0fa0f871ce994b95a7679953dacf6b
SHA1

fe24a1ecec1d2f6526c2c98e135514d57b4ba1e3
SHA256

2b61e88384cfc2638764efece0ea12eb0c3384f1c04bbbbdc2cd81cd037e9407
SHA512

dcda6ec44ff3d51fa106511ae7f35026e603d26e7372ba31fe42bb408bca710e9e64c57d6d45db18b47408b27192f1ad495a982f48b5db114c5dfc0b7020d487
SSDEEP

6144:pq/PLRi9atHbLX3qUulW0h4dH4rWlRjO1n:pIP9i9aful9zrW9u

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

2b61e88384cfc2638764efece0ea12eb0c3384f1c04bbbbdc2cd81cd037e9407.exe

Resource

win10-20220812-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  2b61e88384cfc2638764efece0ea12eb0c3384f1c04bbbbdc2cd81cd037e9407
- Size
  
  310KB
- MD5
  
  7c0fa0f871ce994b95a7679953dacf6b
- SHA1
  
  fe24a1ecec1d2f6526c2c98e135514d57b4ba1e3
- SHA256
  
  2b61e88384cfc2638764efece0ea12eb0c3384f1c04bbbbdc2cd81cd037e9407
- SHA512
  
  dcda6ec44ff3d51fa106511ae7f35026e603d26e7372ba31fe42bb408bca710e9e64c57d6d45db18b47408b27192f1ad495a982f48b5db114c5dfc0b7020d487
- SSDEEP
  
  6144:pq/PLRi9atHbLX3qUulW0h4dH4rWlRjO1n:pIP9i9aful9zrW9u
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy