danabot

General

Target

489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55
Size

204KB
Sample

221219-xcnxsaag7x
MD5

16e8b8d167d6364f412640091a8c3db0
SHA1

f1006cb636f83bd0f13e2748dee11b11f072e9a3
SHA256

facc56faf6b94301117a3f72132e1c7e06e4852ae1ce89f584c19cd32db401f9
SHA512

ab101c3077aebd001115c2ec62dc76aaa341840214b88f4b76acec52e327b4ed28431e6eb416a9bb72e52f09c00fa34f513a1e4f130f763ed494f1c7751d609a
SSDEEP

6144:2HrtwA1iq8LNgeqDGO1oK/xWY321amI15d:2HF1iq8LN4DG4ocx121PIbd

Score

10^/10

Malware Config

Targets

- Target
  
  489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55
- Size
  
  307KB
- MD5
  
  ddf6f2c3455fb5f4738536262dd38afe
- SHA1
  
  f800d1f0f3b4de746a0663a13a4c8846b041404e
- SHA256
  
  489437b24ecd011538918fbd80d3ad06dc2a2b63207dfe937bd3f6dcefe11a55
- SHA512
  
  21ffe2954f3c2e42f4400dd3619c9632a8800812c8b9450c5594568ade56e3490b20f4aa0a8684bc53578daa637e7b42055c0771ff20d34e11b91e143899870a
- SSDEEP
  
  6144:Bl5ULz/YGW19tz8bG5geqDGO1oK/Fn77jcJ0iPvzpQ6rFiaI:BY3/YGk9mbG54DG4ocFnixnzpQ6rF
Score

10^/10

smokeloader backdoor trojan danabot banker discovery
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Detects Smokeloader packer

SmokeLoader

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2