Extracted

• • Target

    14d27e8cf4d45d944227148e218dabad.exe

  • Size

    218KB

  • MD5

    14d27e8cf4d45d944227148e218dabad

  • SHA1

    64829bacebf8be9d3e16b21b1a607124cb23dc01

  • SHA256

    881c03c857c94709c03fcfbd8cf9bfc11b3d1f3579f0198a88e646d62575ee58

  • SHA512

    0672d6d2359d1554267cb010900248627eed7e0fe35bdd8e2fa07a3847ed95a89e253d156cc2ca60d93b69336963d54f519762f4cd1b6ef2c87e941f96564971

  • SSDEEP

    3072:FTPEC+Lfi8P9RUUBlhxdM/agCEuMRSdso06fWR7b/T7NHCDml:FrF+LK8AUt3rIqxDfWJNCa

  Score

  10^/10

  smokeloaderbackdoortrojandanabotsystembcbanker

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Detects Smokeloader packer

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

  behavioral1behavioral2