Overview

overview

10

Static

static

c31618dee7...fc.exe

windows7-x64

10

c31618dee7...fc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c31618dee7fb1f9d3b5cdc3fd42a8a498695e062404d1a5244c3b09466e912fc

  • Size

    141KB

  • Sample

    221219-y3ra9sga48

  • MD5

    d6ea3292c9a7dc3f22adb078bca9631f

  • SHA1

    a4f881702fb7092cfccae5994f21e9c755d0db94

  • SHA256

    cca6c3317c51dfb87dbcb62744ce970ec1d6ff8179cf7dba88e9ca1c9a8cfe9b

  • SHA512

    e699a00a60898fb1def0dbdb84ee913179e3664d313da479a1ec7af6d08c2dcf918cbaf62a5402caa87600824308aadf0050dbc4a12ad24daf6581b81a4279fc

  • SSDEEP

    3072:WCjjHg9L2BkKhrroEmOQWl3tABkXiUlnDbDbE2ALt5Ql5ma7x:zg9St5ZfD3tAHUlD/g+Lm6x

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Targets

    • Target

      c31618dee7fb1f9d3b5cdc3fd42a8a498695e062404d1a5244c3b09466e912fc

    • Size

      214KB

    • MD5

      816287b83f2bcba44a103e227868ef1f

    • SHA1

      4a57ff432e2f83bdbdb5c1d880728e02a47262bb

    • SHA256

      c31618dee7fb1f9d3b5cdc3fd42a8a498695e062404d1a5244c3b09466e912fc

    • SHA512

      0235eaf331a51d8dccb1352769eb72545c36ead5ce5b988a279c795dc840cdc25a750b5b15c185df95fd4523bca45ab843a8f0c89baf4d2bad6ad3e0d5d062ea

    • SSDEEP

      3072:IX4oLOH3aR6hPmyakx2fb+Siha+onfhe+aNRAtOba+oN2ZEzjcbImdzmuX:IIoLOHrhPmmx2T+SMinpex0RNjjcbXF

    Score
    10/10
    smokeloaderbackdoortrojandanabotbanker

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks