danabot | 1fa0e4fb0da07e924666aa1f93a917cc3e1fdec01fdc2c2a5f8abab4472ae650 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

1fa0e4fb0da07e924666aa1f93a917cc3e1fdec01fdc2c2a5f8abab4472ae650
Size

304KB
Sample

221219-yn7dyaba9s
MD5

4ac59181a0ee5c6ee04a59a34ca8094e
SHA1

a0a5d7bdb66c114d69b1f6737e42bdee9d6aec7a
SHA256

1fa0e4fb0da07e924666aa1f93a917cc3e1fdec01fdc2c2a5f8abab4472ae650
SHA512

d08e6cff11c3df1febf9be47a3b07548d4c045546813a9623872cb60faf942b68f656b9fcb9be72146c11c3ee1c48ef5ebde179a6d3241fd7169a9799c111961
SSDEEP

6144:5LdY8AWV18l6I3B9z+3ng+E49HwchLP3i:5u8A4Q6I3BlwnVZH9P3

Score

10^/10

danabot smokeloader backdoor banker discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

1fa0e4fb0da07e924666aa1f93a917cc3e1fdec01fdc2c2a5f8abab4472ae650.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery persistence trojan

windows10-2004-x64

26 signatures

150 seconds

Malware Config

Targets

- Target
  
  1fa0e4fb0da07e924666aa1f93a917cc3e1fdec01fdc2c2a5f8abab4472ae650
- Size
  
  304KB
- MD5
  
  4ac59181a0ee5c6ee04a59a34ca8094e
- SHA1
  
  a0a5d7bdb66c114d69b1f6737e42bdee9d6aec7a
- SHA256
  
  1fa0e4fb0da07e924666aa1f93a917cc3e1fdec01fdc2c2a5f8abab4472ae650
- SHA512
  
  d08e6cff11c3df1febf9be47a3b07548d4c045546813a9623872cb60faf942b68f656b9fcb9be72146c11c3ee1c48ef5ebde179a6d3241fd7169a9799c111961
- SSDEEP
  
  6144:5LdY8AWV18l6I3B9z+3ng+E49HwchLP3i:5u8A4Q6I3BlwnVZH9P3
Score

10^/10

danabot smokeloader backdoor banker discovery persistence trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Sets DLL path for service in the registry
  persistence
- Sets service image path in registry
  persistence
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverypersistencetrojan

© 2018-2024

Terms | Privacy