danabot

General

Target

2b61e88384cfc2638764efece0ea12eb0c3384f1c04bbbbdc2cd81cd037e9407
Size

204KB
Sample

221219-vb9fzsfe34
MD5

245bc686dc4b08cfbb90d576561f205c
SHA1

f1a35fe1d567614a4a597ed6185300d214c3e1ea
SHA256

60c458f556bbe94bbb29d8db488ad2358d4846654946b0bb5c21cd867be3785a
SHA512

ce2db8141ba6a3c62bae4560d49db691a9f69719d09fa4b498665f0b4245cc337f5c1d977ce1cafe6c48acfd477efc2a919737afdc9e7bf035196a7326ae4256
SSDEEP

6144:dgF9c4tFbAaAgyTMUuK/Lr+97YzSa/d5BfE4:qXzbUtTnuALr+97DMd7T

Score

10^/10

Malware Config

Targets

- Target
  
  2b61e88384cfc2638764efece0ea12eb0c3384f1c04bbbbdc2cd81cd037e9407
- Size
  
  310KB
- MD5
  
  7c0fa0f871ce994b95a7679953dacf6b
- SHA1
  
  fe24a1ecec1d2f6526c2c98e135514d57b4ba1e3
- SHA256
  
  2b61e88384cfc2638764efece0ea12eb0c3384f1c04bbbbdc2cd81cd037e9407
- SHA512
  
  dcda6ec44ff3d51fa106511ae7f35026e603d26e7372ba31fe42bb408bca710e9e64c57d6d45db18b47408b27192f1ad495a982f48b5db114c5dfc0b7020d487
- SSDEEP
  
  6144:pq/PLRi9atHbLX3qUulW0h4dH4rWlRjO1n:pIP9i9aful9zrW9u
Score

10^/10

smokeloader backdoor trojan danabot banker discovery
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detects Smokeloader packer

SmokeLoader

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2