danabot | 881c03c857c94709c03fcfbd8cf9bfc11b3d1f3579f0198a88e646d62575ee58 | Triage

Submit
Reports

Overview

overview

Static

static

14d27e8cf4...ad.exe

windows7-x64

14d27e8cf4...ad.exe

windows10-2004-x64

Sharing

General

Target

14d27e8cf4d45d944227148e218dabad.exe
Size

218KB
Sample

221220-ltb4rscc9s
MD5

14d27e8cf4d45d944227148e218dabad
SHA1

64829bacebf8be9d3e16b21b1a607124cb23dc01
SHA256

881c03c857c94709c03fcfbd8cf9bfc11b3d1f3579f0198a88e646d62575ee58
SHA512

0672d6d2359d1554267cb010900248627eed7e0fe35bdd8e2fa07a3847ed95a89e253d156cc2ca60d93b69336963d54f519762f4cd1b6ef2c87e941f96564971
SSDEEP

3072:FTPEC+Lfi8P9RUUBlhxdM/agCEuMRSdso06fWR7b/T7NHCDml:FrF+LK8AUt3rIqxDfWJNCa

Score

10^/10

danabot smokeloader systembc backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

14d27e8cf4d45d944227148e218dabad.exe

Resource

win7-20221111-en

smokeloader backdoor trojan

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

14d27e8cf4d45d944227148e218dabad.exe

Resource

win10v2004-20220901-en

danabot smokeloader systembc backdoor banker trojan

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

- Target
  
  14d27e8cf4d45d944227148e218dabad.exe
- Size
  
  218KB
- MD5
  
  14d27e8cf4d45d944227148e218dabad
- SHA1
  
  64829bacebf8be9d3e16b21b1a607124cb23dc01
- SHA256
  
  881c03c857c94709c03fcfbd8cf9bfc11b3d1f3579f0198a88e646d62575ee58
- SHA512
  
  0672d6d2359d1554267cb010900248627eed7e0fe35bdd8e2fa07a3847ed95a89e253d156cc2ca60d93b69336963d54f519762f4cd1b6ef2c87e941f96564971
- SSDEEP
  
  3072:FTPEC+Lfi8P9RUUBlhxdM/agCEuMRSdso06fWR7b/T7NHCDml:FrF+LK8AUt3rIqxDfWJNCa
Score

10^/10

smokeloader backdoor trojan danabot systembc banker
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

smokeloaderbackdoortrojan

behavioral2

danabotsmokeloadersystembcbackdoorbankertrojan

© 2018-2024

Terms | Privacy