General

  • Target: c31618dee7fb1f9d3b5cdc3fd42a8a498695e062404d1a5244c3b09466e912fc
  • Size: 141KB
  • Sample: 221219-y8j45sga69
  • MD5: 2a0abc50196fb7efa8d7157a292f122e
  • SHA1: 8d8197392f6d41bf4bfc50faa9442a913bea1a19
  • SHA256: e3e83a4e31d068cbd7423f0335547f9084eb196b64881d72d874224485f42b46
  • SHA512: cae1e44189078d465788cc7403b2859a5d6d73f5e1977a7227254c39c5a35c64ef3ac81d6849dd09e5a01e62b27f303dc1731a43a616126436dbcbe8d5e7e16b
  • SSDEEP: 3072:qCjjHg9L2BkKhrroEmOQWl3tABkXiUlnDbDbE2ALt5Ql5ma7N:Xg9St5ZfD3tAHUlD/g+Lm6N

Targets

    • Target: c31618dee7fb1f9d3b5cdc3fd42a8a498695e062404d1a5244c3b09466e912fc
    • Size: 214KB
    • MD5: 816287b83f2bcba44a103e227868ef1f
    • SHA1: 4a57ff432e2f83bdbdb5c1d880728e02a47262bb
    • SHA256: c31618dee7fb1f9d3b5cdc3fd42a8a498695e062404d1a5244c3b09466e912fc
    • SHA512: 0235eaf331a51d8dccb1352769eb72545c36ead5ce5b988a279c795dc840cdc25a750b5b15c185df95fd4523bca45ab843a8f0c89baf4d2bad6ad3e0d5d062ea
    • SSDEEP: 3072:IX4oLOH3aR6hPmyakx2fb+Siha+onfhe+aNRAtOba+oN2ZEzjcbImdzmuX:IIoLOHrhPmmx2T+SMinpex0RNjjcbXF

    • Danabot: Danabot is a modular banking Trojan that has been linked with other malware.
    • Detects Smokeloader packer
    • SmokeLoader: Modular backdoor trojan in use since 2014.
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6