danabot

General

Target

be102c956532ace6f47db2cb6ecda04e16e075789ab901c0352405b517c57f2a
Size

142KB
Sample

221219-x43j9aah81
MD5

539bfa8fab76f8b161e2690a5c9cb974
SHA1

11c091efbaee230bffc7c218bea6662151ba36b5
SHA256

1a1702950b222a50d5698232963ad09d4ec3219a651ff858e368a10fd773839d
SHA512

16617e6257a03e1335b81e18aafc82100f38d9bd2bd30f19629db150eff391aea8417a30f81540f25731ff990b7492f6aa81ba431df9f56fca4cc973eb9c0337
SSDEEP

3072:uIZAnM7DaKnQuniJnlHipXQ1zgLmtGQQy4HD0Ul5uoG0wXaWLLzcGO:uo6ITzi5lMGUqgRjjOr0wXa+W

Score

10^/10

Malware Config

Targets

- Target
  
  be102c956532ace6f47db2cb6ecda04e16e075789ab901c0352405b517c57f2a
- Size
  
  215KB
- MD5
  
  576dce20db5acd0597a24264bee12bf4
- SHA1
  
  681fd5e94767cab6959e62329fb2aa30859e4890
- SHA256
  
  be102c956532ace6f47db2cb6ecda04e16e075789ab901c0352405b517c57f2a
- SHA512
  
  704183bb1541b396c1384bb7bea4248ffe9fdb966bd7a08d91af03d22ee395c93269ebf3f4b85855529929f324f50e6bc61aa4882a830f9fb0dcddc2bb6824cb
- SSDEEP
  
  6144:KGSLyLSX6J5RKeJAo/hULP0q3QCjcbXF:KGS+GX6QeJAsC02QCYbXF
Score

10^/10

smokeloader backdoor trojan danabot banker discovery
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detects Smokeloader packer

SmokeLoader

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2