danabot | 3edc45f11df046eea8b38f63c244b77db7562a77931b3b62ddda1c7ec233cbfc | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

3edc45f11df046eea8b38f63c244b77db7562a77931b3b62ddda1c7ec233cbfc
Size

311KB
Sample

221219-rnh8safb99
MD5

e471ee462cabc829b7f98094ec9ed40c
SHA1

6f9bc1e5a5df156c9f0fc8fbd6cfc52eef7dd868
SHA256

3edc45f11df046eea8b38f63c244b77db7562a77931b3b62ddda1c7ec233cbfc
SHA512

22b5ae685ea50787fc5048e9ce894fe7aaca952b321e2af66967a3fb676f578754eb194a710af7072e3604e18a0a016f2df8a96f05d0ccf1009fb3c4e89b3259
SSDEEP

6144:sSlLoqgLs+GSquhTLIpbPIiIHmvEK8H4rWlRjO1n:ssUqgVqynIpbPIDGcKfrW9u

Score

10^/10

danabot smokeloader backdoor banker discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

3edc45f11df046eea8b38f63c244b77db7562a77931b3b62ddda1c7ec233cbfc.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery persistence trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  3edc45f11df046eea8b38f63c244b77db7562a77931b3b62ddda1c7ec233cbfc
- Size
  
  311KB
- MD5
  
  e471ee462cabc829b7f98094ec9ed40c
- SHA1
  
  6f9bc1e5a5df156c9f0fc8fbd6cfc52eef7dd868
- SHA256
  
  3edc45f11df046eea8b38f63c244b77db7562a77931b3b62ddda1c7ec233cbfc
- SHA512
  
  22b5ae685ea50787fc5048e9ce894fe7aaca952b321e2af66967a3fb676f578754eb194a710af7072e3604e18a0a016f2df8a96f05d0ccf1009fb3c4e89b3259
- SSDEEP
  
  6144:sSlLoqgLs+GSquhTLIpbPIiIHmvEK8H4rWlRjO1n:ssUqgVqynIpbPIDGcKfrW9u
Score

10^/10

danabot smokeloader backdoor banker discovery persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy