danabot | 2dcbf09da73ae7dba603b58e868ee859ecf52009fe642aa6694914e27e2b6b11 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

2dcbf09da73ae7dba603b58e868ee859ecf52009fe642aa6694914e27e2b6b11
Size

302KB
Sample

221219-tqjy7sfd84
MD5

7539f39bcce65161807dc9de5614107c
SHA1

d4db1f71c00c27fa5db4a174d1d96aa80b1df351
SHA256

2dcbf09da73ae7dba603b58e868ee859ecf52009fe642aa6694914e27e2b6b11
SHA512

a85a65cc8d889c08a2e2a5f5fef27fe11ed70decfe9b2abc448d4d9708de4ad110f7a0ee92655a8170547ff16e95db2ab03061e1721996ab8682b7234b51004f
SSDEEP

6144:eLY0T34t9psWMChy1z+3ng+E49HwchLP3i:eU0TGBMChydwnVZH9P3

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

2dcbf09da73ae7dba603b58e868ee859ecf52009fe642aa6694914e27e2b6b11.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  2dcbf09da73ae7dba603b58e868ee859ecf52009fe642aa6694914e27e2b6b11
- Size
  
  302KB
- MD5
  
  7539f39bcce65161807dc9de5614107c
- SHA1
  
  d4db1f71c00c27fa5db4a174d1d96aa80b1df351
- SHA256
  
  2dcbf09da73ae7dba603b58e868ee859ecf52009fe642aa6694914e27e2b6b11
- SHA512
  
  a85a65cc8d889c08a2e2a5f5fef27fe11ed70decfe9b2abc448d4d9708de4ad110f7a0ee92655a8170547ff16e95db2ab03061e1721996ab8682b7234b51004f
- SSDEEP
  
  6144:eLY0T34t9psWMChy1z+3ng+E49HwchLP3i:eU0TGBMChydwnVZH9P3
Score

10^/10

danabot smokeloader backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy