Extracted

• • Target

    212817a2439b3d3b034ce5ddf32b69b0.exe

  • Size

    304KB

  • MD5

    212817a2439b3d3b034ce5ddf32b69b0

  • SHA1

    03097a9a1d2824a16a3a84c4c765c0fc09954153

  • SHA256

    38e999b667e1396ec4793fd9bd4f5abfde6f5ef3c5faaebfcd29d345350cf76f

  • SHA512

    6ef2ec69f01f97f8e496a3d4d55e6c955cc55674033fd10481259cd3ca35dbda40b1125123a3d07838fa7784a4bc87c9323061cb7ede406efdcfd515736a3b27

  • SSDEEP

    3072:z4z3Ls+mjpEE75l71MAQnUt1J1tWvvXnx+NasdASy65/1E3ZJyyjXgKG0xOKbyD9:C3LKqEmU9X6vXBn63QZImQKG0

  Score

  10^/10

  smokeloaderbackdoortrojandanabotsystembcbankerdiscovery

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Detects Smokeloader packer

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2