General

  • Target: b6e3f01f4942008f68c8649fa24daf9ace975ee9e4e47b50611c87414de12ff5
  • Size: 141KB
  • Sample: 221219-yn7ppsfh86
  • MD5: 0c750cef4490b810ed5f735bcd838e3a
  • SHA1: c322c0c03fa15a7c8dff01caf2e592d3d782ed08
  • SHA256: 098612c1426f8c912222d73b116b41236c7197fccc5c379f89ae0bfe00cc788f
  • SHA512: feff92cb8d9a35d2a49ca141f5ce7789e9cb01c90e10f231eeb5687d1fa4f747e67f8c13ad04cfd83e55d56abcc7fc3f172d88ff7a2f4bb2c827946c606751b0
  • SSDEEP: 3072:BxRTSmvluynIAzyG8VLaijrrCr5gbmOt+y0E:BxJSmvvIg1OaAry5gbmKv

Malware Config

Targets

    • Target: b6e3f01f4942008f68c8649fa24daf9ace975ee9e4e47b50611c87414de12ff5
    • Size: 214KB
    • MD5: 59299a2e1bb32ca5875b197e7d2d339f
    • SHA1: a081d3d73d8c39bf9049632af2a7a3e8a360165c
    • SHA256: b6e3f01f4942008f68c8649fa24daf9ace975ee9e4e47b50611c87414de12ff5
    • SHA512: 51562dc2e31b65ed77c4a404ab325f28e03d673a95079720be9ac1d43234228f16ddb8f0521fbe7980b2aa96051093037e6502b7dcea0e5244e8c16099928626
    • SSDEEP: 3072:Y3BWLxxIaRRRdZoQt0nemkBAq2muZGVaNRAtOba+A3+9jcbImdzmuX:YRWLxx5Zx0emc/00nQjcbXF

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion
    • Modify Registry (T1112): 1
  • Discovery
    • Query Registry (T1012): 3
    • System Information Discovery (T1082): 3
    • Peripheral Device Discovery (T1120): 1

Tasks