danabot | 6ed100935cdeaa7460aa322884cf675cc4436c7074ece5022bad586d999e5fda | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

6ed100935cdeaa7460aa322884cf675cc4436c7074ece5022bad586d999e5fda
Size

302KB
Sample

221219-scjkvaad3z
MD5

fc73c24762bcaadae9ac7ef6db858754
SHA1

0f2c4a6b9cdfa423e7af69af67efb8b672e81eba
SHA256

6ed100935cdeaa7460aa322884cf675cc4436c7074ece5022bad586d999e5fda
SHA512

3a847d5029d7a4c45a40831dab4563d7afc1c2405520296cf8d890111131a07fb52dfc708dd94618cfa4e0a9eaa0c2d3bd5c01c55fef80512dfeaab404d9df1a
SSDEEP

6144:DNLO/UQGFh3VExnGz+3ng+E49HwchLP3i:DNK/t2FmywnVZH9P3

Score

10^/10

danabot smokeloader backdoor banker persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

6ed100935cdeaa7460aa322884cf675cc4436c7074ece5022bad586d999e5fda.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker persistence trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  6ed100935cdeaa7460aa322884cf675cc4436c7074ece5022bad586d999e5fda
- Size
  
  302KB
- MD5
  
  fc73c24762bcaadae9ac7ef6db858754
- SHA1
  
  0f2c4a6b9cdfa423e7af69af67efb8b672e81eba
- SHA256
  
  6ed100935cdeaa7460aa322884cf675cc4436c7074ece5022bad586d999e5fda
- SHA512
  
  3a847d5029d7a4c45a40831dab4563d7afc1c2405520296cf8d890111131a07fb52dfc708dd94618cfa4e0a9eaa0c2d3bd5c01c55fef80512dfeaab404d9df1a
- SSDEEP
  
  6144:DNLO/UQGFh3VExnGz+3ng+E49HwchLP3i:DNK/t2FmywnVZH9P3
Score

10^/10

danabot smokeloader backdoor banker persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerpersistencetrojan

© 2018-2024

Terms | Privacy