danabot | ad1969d840d4c91dc5c2975b3a7710710043a822a02e4f2480d4622126816554 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

ad1969d840d4c91dc5c2975b3a7710710043a822a02e4f2480d4622126816554
Size

301KB
Sample

221219-vz3cksaf5s
MD5

7b05389b0717d2f08c59aaa6d058b209
SHA1

362d18cdfe4af1bdb54a2162070bb43baccfbb62
SHA256

ad1969d840d4c91dc5c2975b3a7710710043a822a02e4f2480d4622126816554
SHA512

64a9058f94c061d6dc69e3cf5937a420f9ed3a4e619ab97db70218f5c7cb427e92a71b259f244574d381aafb37bf434e3147046a612ecd6c0be2d9c1b12a6f6d
SSDEEP

6144:bLbuFyCYOYdGJN63DlWOzUtxcT7wY+7WYpuz+3ng+E49HwchLP3i:bXuSOQGJqWDu3k6wnVZH9P3

Score

10^/10

danabot smokeloader backdoor banker persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

ad1969d840d4c91dc5c2975b3a7710710043a822a02e4f2480d4622126816554.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker persistence trojan

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Targets

- Target
  
  ad1969d840d4c91dc5c2975b3a7710710043a822a02e4f2480d4622126816554
- Size
  
  301KB
- MD5
  
  7b05389b0717d2f08c59aaa6d058b209
- SHA1
  
  362d18cdfe4af1bdb54a2162070bb43baccfbb62
- SHA256
  
  ad1969d840d4c91dc5c2975b3a7710710043a822a02e4f2480d4622126816554
- SHA512
  
  64a9058f94c061d6dc69e3cf5937a420f9ed3a4e619ab97db70218f5c7cb427e92a71b259f244574d381aafb37bf434e3147046a612ecd6c0be2d9c1b12a6f6d
- SSDEEP
  
  6144:bLbuFyCYOYdGJN63DlWOzUtxcT7wY+7WYpuz+3ng+E49HwchLP3i:bXuSOQGJqWDu3k6wnVZH9P3
Score

10^/10

danabot smokeloader backdoor banker persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerpersistencetrojan

© 2018-2024

Terms | Privacy