Overview

overview

10

Static

static

d75b501a09...ac.exe

windows7-x64

10

d75b501a09...ac.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d75b501a09398280bf6e9250ac56763182136b4980d86e43c93d0ad8fa9981ac

  • Size

    206KB

  • Sample

    221219-twkgxsae5x

  • MD5

    73f86e4fddeb50c75c71b652ed003bac

  • SHA1

    08c73bc5b0fe75ff7ccbb6bd0be93715aa6ad2f1

  • SHA256

    44ab63ea26c4da0a9dba0f20325ccca299e616ad68efaaf2584b0fbd0b05ada6

  • SHA512

    ca819a7a145d3b2eb30abe3ef0d45c05856bc62f09460966e98d9dded5f91cdafae0bc94eaeadda4d4ac8a3765f02c401e6834adae87e3da06c375139d10b8ce

  • SSDEEP

    3072:e1eK2F/szRcjUOp01Ph5FvI99rZ0N66SraY6GxvVT7BZgsoxADLMXaXk:esh0Rjbjq9rZ0NCHvVTUvxMk

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Targets

    • Target

      d75b501a09398280bf6e9250ac56763182136b4980d86e43c93d0ad8fa9981ac

    • Size

      311KB

    • MD5

      ff8b0ef6c574e5f6f1fa4c4eb75c637d

    • SHA1

      3263f6595d1329cea9348b34a9857a98998a33c6

    • SHA256

      d75b501a09398280bf6e9250ac56763182136b4980d86e43c93d0ad8fa9981ac

    • SHA512

      9c2d049aaf278d86db69256dd312cf34d1d1b6dcabe964b93ab2a29b21f9045bceaaf809b46c92e6c4f5d5f27befda9692712fc23c4d45de2bef147c98708ff4

    • SSDEEP

      6144:zjB1L2OqdTTq9rZ0NCKg4bBYqH4rWlRjO1n:zPHqdTuduLlarW9u

    Score
    10/10
    smokeloaderbackdoortrojandanabotbanker

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks