General

  • Target: file.exe

  • Size: 311KB

  • Sample: 221219-qk384sab4w

  • MD5: a034cbb1ffdcc27f1eb9d3e90d03a638

  • SHA1: 88d16b6e1b93389a89a2b86a6d57c512b57b678d

  • SHA256: 423836be3f255bb3f0f2a2524cd24b979ab2f6f8149fd518790de7c4e1b63d02

  • SHA512: cae1ba18bd3483c34a2d13731c8e9fdd7cec0d0121b62f842b8eb6fda97f5032af0970f149da953a01ea7bebdd828ffc003a5abc45936c56d4c08b3a109d2376

  • SSDEEP: 6144:40AALtEZ8Ubf52YC96UOQ8IXa1atOgkfH4rWlRjO1n:407hEZ8UbtC4UE1wOgjrW9u

Malware Config

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks