danabot | bf5998ec24555a1ddf6efae54527a510d5a87e82e959660d405600404c392e27 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

bf5998ec24555a1ddf6efae54527a510d5a87e82e959660d405600404c392e27
Size

302KB
Sample

221219-vzzxfsfe72
MD5

533e1fffff34f074723b0e1bfe67e3d4
SHA1

be442829d2c06757e352f6d77eddb3a1828a5ad8
SHA256

bf5998ec24555a1ddf6efae54527a510d5a87e82e959660d405600404c392e27
SHA512

e03af96517cb9bad0425aa325cd911468795728c340f3a2a4f9de0b02bdfcb91f7b991d92b77f8d0223b8cd1bc44c61ce058e10dac42b2963d67f1a02a3967e3
SSDEEP

6144:lNLO/uZjmigijCYFvh5GfFh1z+3ng+E49HwchLP3i:lNK/imigiZ50twnVZH9P3

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

bf5998ec24555a1ddf6efae54527a510d5a87e82e959660d405600404c392e27.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  bf5998ec24555a1ddf6efae54527a510d5a87e82e959660d405600404c392e27
- Size
  
  302KB
- MD5
  
  533e1fffff34f074723b0e1bfe67e3d4
- SHA1
  
  be442829d2c06757e352f6d77eddb3a1828a5ad8
- SHA256
  
  bf5998ec24555a1ddf6efae54527a510d5a87e82e959660d405600404c392e27
- SHA512
  
  e03af96517cb9bad0425aa325cd911468795728c340f3a2a4f9de0b02bdfcb91f7b991d92b77f8d0223b8cd1bc44c61ce058e10dac42b2963d67f1a02a3967e3
- SSDEEP
  
  6144:lNLO/uZjmigijCYFvh5GfFh1z+3ng+E49HwchLP3i:lNK/imigiZ50twnVZH9P3
Score

10^/10

danabot smokeloader backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy