danabot | 89c0a751facb90a840b384987b7b823a24c85db3150b5cd18d513173f65c649e | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

89c0a751facb90a840b384987b7b823a24c85db3150b5cd18d513173f65c649e
Size

311KB
Sample

221219-qyhjkaab7w
MD5

994cba1dd7bf6a44edbe7511570b2cc8
SHA1

ac0e2b8d764ffd29fd54d38a49a40dfc17e9d853
SHA256

89c0a751facb90a840b384987b7b823a24c85db3150b5cd18d513173f65c649e
SHA512

fb46540438f686e8e73725040d7557f235869da9b700132bcbebac1be2432bcb2065b5cb4e604cb1ce304770f623046ceea3670787d573a9720941f16998ebc9
SSDEEP

3072:MKwsk/ULB4dK7SCByDX2pSshod3XNiDnVRMtlsU7TxoDH4rOPHFRuUrIb6u8qn13:ss1LB/ON23oJXNisllxoDH4rWlRjO1n

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

89c0a751facb90a840b384987b7b823a24c85db3150b5cd18d513173f65c649e.exe

Resource

win10-20220812-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  89c0a751facb90a840b384987b7b823a24c85db3150b5cd18d513173f65c649e
- Size
  
  311KB
- MD5
  
  994cba1dd7bf6a44edbe7511570b2cc8
- SHA1
  
  ac0e2b8d764ffd29fd54d38a49a40dfc17e9d853
- SHA256
  
  89c0a751facb90a840b384987b7b823a24c85db3150b5cd18d513173f65c649e
- SHA512
  
  fb46540438f686e8e73725040d7557f235869da9b700132bcbebac1be2432bcb2065b5cb4e604cb1ce304770f623046ceea3670787d573a9720941f16998ebc9
- SSDEEP
  
  3072:MKwsk/ULB4dK7SCByDX2pSshod3XNiDnVRMtlsU7TxoDH4rOPHFRuUrIb6u8qn13:ss1LB/ON23oJXNisllxoDH4rWlRjO1n
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy