Overview

overview

10

Static

static

36962dbe21...07.exe

windows7-x64

10

36962dbe21...07.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    36962dbe21b03b6b13e7a6e607f908eb54c0fa8d511d3d522fcb31322c938007

  • Size

    204KB

  • Sample

    221219-vrrwwafe53

  • MD5

    074ef73c80e9de125a087a9b9d89b90a

  • SHA1

    c5e771de9f9525a7515b2e0398424645f39f22f5

  • SHA256

    f2e157b8540d9a37dcca8ef67e5ccfae93873a4fd444e45243bcf20a77693e7f

  • SHA512

    1245847ff0e248eb69d52263a7d9434ab68a941eb9e20dcc2473a1c7a81c13bbe9feaab85bf99103e2555592649b470aaf505f2b6b66b30eec3962ca101b9e13

  • SSDEEP

    6144:N6z2COoEoMDPc7K+/eWOGkLcobPHaxzLnMSwBOf6KS:wz2RvRDPGKXbBoobP6FMSwBOA

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Targets

    • Target

      36962dbe21b03b6b13e7a6e607f908eb54c0fa8d511d3d522fcb31322c938007

    • Size

      310KB

    • MD5

      c6d5caf032d4435e71637bd333f174fb

    • SHA1

      1971852a4bedd32ac3a74d7a9600dcb369e71cce

    • SHA256

      36962dbe21b03b6b13e7a6e607f908eb54c0fa8d511d3d522fcb31322c938007

    • SHA512

      7a7176c80ade6000dbb7a4b94cb11f229b360ea8adab69d829cf24541d5f364e9f6143a697f1c839336da98261f9a038aacc4c463b90d67bb2fba56158d8144e

    • SSDEEP

      6144:+gxRLtYltAaD+/eWOGkLc3zJJaRH4rWlRjO1n:+qRpYlt5DXbBotJayrW9u

    Score
    10/10
    smokeloaderbackdoortrojandanabotbanker

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks