General

  • Target

    d0da5ee6f31f73a83dc29032cbf0e45575bf094b974e96488807202c22c7600c

  • Size

    303KB

  • Sample

    221219-ttbf8sfd89

  • MD5

    e8ba374781647cfbafc3acf6b8b809ad

  • SHA1

    6eebf59243c19e9e4ba40ce578b94069f6b69ed7

  • SHA256

    d0da5ee6f31f73a83dc29032cbf0e45575bf094b974e96488807202c22c7600c

  • SHA512

    f57121abee7dcf10e6454ef2ac57e3860f273ad7363572e481b35ba36eefd244674fe539e480f5ae8d8e2673a4925bbf975d3d0aa0a25e605c4fea60996ff709

  • SSDEEP

    6144:4LvzdO34/Z7NKMgE91Wkz+3ng+E49HwchLP3i:4TzdU4/Z7Ui9vwnVZH9P3

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
