Overview

overview

10

Static

static

486c914e38...37.exe

windows7-x64

10

486c914e38...37.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    486c914e38ba0f6e213f57e43b64f4cfbfa8cca74d8a8f35b6ebaa301bf0eb37

  • Size

    141KB

  • Sample

    221219-zgbjcsbb9x

  • MD5

    567d81eef0cdb54030331cfd8ec7d5e9

  • SHA1

    36449ba90321e76bd3c5f64a309f66877579c6b2

  • SHA256

    e0e38a928bb424d8ef8345de632aa8dec905c937a3fa9dd19829d48b4734bf5d

  • SHA512

    58a6859fa109f5339791d1d84a73a9d32461ad28accb6253172b9d8f543629a6b8b6afb7c0567ef01e942c2f25632eda03ca98a8a39154de210247c56fce587b

  • SSDEEP

    3072:dvo0aLoXjAfncf+T2HUqw8JbGWW/dfjF+7GrQZhhjD/TFrsO:Ro0vwcfIV38ZifjFzQ7Rv

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Targets

    • Target

      486c914e38ba0f6e213f57e43b64f4cfbfa8cca74d8a8f35b6ebaa301bf0eb37

    • Size

      214KB

    • MD5

      207ba7ed25d453f62e66500679712ab1

    • SHA1

      715fd8e336e8c8d2250f48e8f2478e730b259402

    • SHA256

      486c914e38ba0f6e213f57e43b64f4cfbfa8cca74d8a8f35b6ebaa301bf0eb37

    • SHA512

      3b2c4c7e365f5f9ef5c575149572f4047f0f6f523e131b4250dc239b1a4141386ba879798b9e558cf18ef1ac46c2af59d5be1a85a95f4a9432014a481c9498aa

    • SSDEEP

      3072:2HIEriL+qKaRrIYQOFYWv7rS6cPbsNzz+lVQoaNRAtOba+xlac1gjcbImdzmuX:2zriL+qGY/h61TsNzKlVQP0M1gjcbXF

    Score
    10/10
    smokeloaderbackdoortrojandanabotbanker

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks