General

  • Target

    95457189e7fcaafe43b649247d8f3faef92dc7cebb11ff80ed7c817c99ddaf99

  • Size

    303KB

  • Sample

    221219-yfjb5sfh66

  • MD5

    f04c25c9705a879d4f2b68841f555285

  • SHA1

    07b6e33b7c8df8f783d34f2ec16bf28710ffd861

  • SHA256

    95457189e7fcaafe43b649247d8f3faef92dc7cebb11ff80ed7c817c99ddaf99

  • SHA512

    3cde745740ddc709eb7e70cb07d5c2984bc08483edccce26f0f7b57c80f1b922c8264790006a44665d189af8fe1d8ce6e7a1c971e4f70d573b41a5949dfb52a3

  • SSDEEP

    6144:JL6gIASzsWB2tCzlcs0pCgz+3ng+E49HwchLP3i:JVIASwWB2ssvwnVZH9P3

Targets

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
