Overview

overview

10

Static

static

212817a243...b0.exe

windows7-x64

10

212817a243...b0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    212817a2439b3d3b034ce5ddf32b69b0.exe

  • Size

    304KB

  • Sample

    221220-lssp5ahb83

  • MD5

    212817a2439b3d3b034ce5ddf32b69b0

  • SHA1

    03097a9a1d2824a16a3a84c4c765c0fc09954153

  • SHA256

    38e999b667e1396ec4793fd9bd4f5abfde6f5ef3c5faaebfcd29d345350cf76f

  • SHA512

    6ef2ec69f01f97f8e496a3d4d55e6c955cc55674033fd10481259cd3ca35dbda40b1125123a3d07838fa7784a4bc87c9323061cb7ede406efdcfd515736a3b27

  • SSDEEP

    3072:z4z3Ls+mjpEE75l71MAQnUt1J1tWvvXnx+NasdASy65/1E3ZJyyjXgKG0xOKbyD9:C3LKqEmU9X6vXBn63QZImQKG0

Score
10/10
danabotsmokeloadersystembcbackdoorbankerdiscoverytrojan

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

    • Target

      212817a2439b3d3b034ce5ddf32b69b0.exe

    • Size

      304KB

    • MD5

      212817a2439b3d3b034ce5ddf32b69b0

    • SHA1

      03097a9a1d2824a16a3a84c4c765c0fc09954153

    • SHA256

      38e999b667e1396ec4793fd9bd4f5abfde6f5ef3c5faaebfcd29d345350cf76f

    • SHA512

      6ef2ec69f01f97f8e496a3d4d55e6c955cc55674033fd10481259cd3ca35dbda40b1125123a3d07838fa7784a4bc87c9323061cb7ede406efdcfd515736a3b27

    • SSDEEP

      3072:z4z3Ls+mjpEE75l71MAQnUt1J1tWvvXnx+NasdASy65/1E3ZJyyjXgKG0xOKbyD9:C3LKqEmU9X6vXBn63QZImQKG0

    Score
    10/10
    smokeloaderbackdoortrojandanabotsystembcbankerdiscovery

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks