danabot | fd45ee46488ce5b3be39bd7f2753f90bacf925c345acc8b55a21f2029081846f | Triage

Submit
Reports

Overview

overview

Static

static

5022d95f9d...0d.exe

windows7-x64

5022d95f9d...0d.exe

windows10-2004-x64

Sharing

General

Target

5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d
Size

204KB
Sample

221219-v5gytsaf6v
MD5

03cb3cb051996f4ed5282d37161079b8
SHA1

2871f23fb9036c14b03c2bb3661c7357e96ecb5d
SHA256

fd45ee46488ce5b3be39bd7f2753f90bacf925c345acc8b55a21f2029081846f
SHA512

b228784cf578cf254d953ac76171f4fd3ab8325ef5f9ce40bcf8e16037e50054c1d84cbe7498fb6ee83b9efeeb4a02823b54462b4c4dc24e29c7bd2d2f52f992
SSDEEP

6144:zwdeubTrMBlSjFRtKzE6Kd50vrR1GmZTGX51:zxub4lSHu6gXGz1

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d.exe

Resource

win7-20220812-en

smokeloader backdoor trojan

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d
- Size
  
  307KB
- MD5
  
  004929ff3e100389624575332e1bf031
- SHA1
  
  8a081920bdb38fdc34a31fc5654af1cea7b44e20
- SHA256
  
  5022d95f9df8cab8b9ef3f2447a8fbece4469db566bb6bd5670a8684481b680d
- SHA512
  
  0ddb2aab9812e4e239b8cd60c2a50546c7881eff9441e8b194e42a4900ad10f29ed77e3b2d007d1af65397659f85d3e353e30b0f19d4e7ed1e1aa388b6509876
- SSDEEP
  
  6144:gr4dDL4UsLn4jrRtKzE6KA2/YML3FZ0iPvzpQ6rFiaI:g6sUsyuEYs3XxnzpQ6rF
Score

10^/10

smokeloader backdoor trojan danabot banker
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy