danabot | 09ed41266242f1d86d54ea3902344cdc9b5852a57a918f0d01e178fcd92a66fa | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

216KB
Sample

221220-3nt6tsbc97
MD5

eebcd01fc997437a9e8d0d5d3251aa3d
SHA1

aee6094f3b7ebdd47ba91caac386f152db2355a1
SHA256

09ed41266242f1d86d54ea3902344cdc9b5852a57a918f0d01e178fcd92a66fa
SHA512

a7d45ba85cec8b6a1af81d772705ba0f8069b4e5d1f7ba6f831cfe4a145a8d1652685bd48dcc5817fe9de13fae686ba6af190da302d8e78c99fcb2cd6074a2b9
SSDEEP

3072:c/iJL5k8V5HrxXLxEwfWu1G1cWppLJg9Hu7b/t9jvCPNHCDml:ySL5ksFzG1nLsml9WFCa

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220901-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker discovery trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  file.exe
- Size
  
  216KB
- MD5
  
  eebcd01fc997437a9e8d0d5d3251aa3d
- SHA1
  
  aee6094f3b7ebdd47ba91caac386f152db2355a1
- SHA256
  
  09ed41266242f1d86d54ea3902344cdc9b5852a57a918f0d01e178fcd92a66fa
- SHA512
  
  a7d45ba85cec8b6a1af81d772705ba0f8069b4e5d1f7ba6f831cfe4a145a8d1652685bd48dcc5817fe9de13fae686ba6af190da302d8e78c99fcb2cd6074a2b9
- SSDEEP
  
  3072:c/iJL5k8V5HrxXLxEwfWu1G1cWppLJg9Hu7b/t9jvCPNHCDml:ySL5ksFzG1nLsml9WFCa
Score

10^/10

smokeloader backdoor trojan danabot banker discovery
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy