danabot | 393b1c22fbd0d7b17d059365da39cc641f33bc0fb23c2ae1b296938945ed9962 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

393b1c22fbd0d7b17d059365da39cc641f33bc0fb23c2ae1b296938945ed9962
Size

305KB
Sample

221219-y2vbjabb5y
MD5

6bfc17a28aa01afc3c7cb24f0154220a
SHA1

c69bafa22ca6ec3b8f68bc30fa41e9c07e0b7ed4
SHA256

393b1c22fbd0d7b17d059365da39cc641f33bc0fb23c2ae1b296938945ed9962
SHA512

000dad200e390812e7ed44811701ad31bd4ef831278807f8576e9f5a136d0eeacd591889204158f8502d4faccf96ffa5eff3c511358cfc625f34a93fe21c7cbf
SSDEEP

6144:ILefDAuyxoFK7wFCiEAJdNBOyBU63QZImQKG0:IqDAJx2GXAhMsQZW

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

393b1c22fbd0d7b17d059365da39cc641f33bc0fb23c2ae1b296938945ed9962.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  393b1c22fbd0d7b17d059365da39cc641f33bc0fb23c2ae1b296938945ed9962
- Size
  
  305KB
- MD5
  
  6bfc17a28aa01afc3c7cb24f0154220a
- SHA1
  
  c69bafa22ca6ec3b8f68bc30fa41e9c07e0b7ed4
- SHA256
  
  393b1c22fbd0d7b17d059365da39cc641f33bc0fb23c2ae1b296938945ed9962
- SHA512
  
  000dad200e390812e7ed44811701ad31bd4ef831278807f8576e9f5a136d0eeacd591889204158f8502d4faccf96ffa5eff3c511358cfc625f34a93fe21c7cbf
- SSDEEP
  
  6144:ILefDAuyxoFK7wFCiEAJdNBOyBU63QZImQKG0:IqDAJx2GXAhMsQZW
Score

10^/10

danabot smokeloader backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy