Extracted

• • Target

    c3806ca9a413b32c5ee8ff8f85882059.exe

  • Size

    305KB

  • MD5

    c3806ca9a413b32c5ee8ff8f85882059

  • SHA1

    bb9d518dd9137242154cb739002f6b7296f6aefc

  • SHA256

    81f3a2b4d61c482d118d57f730657a3ddb68d0261cae8f5497765b5af4950ea8

  • SHA512

    4b3f2d1d1321c0780bf57c306e69e64536920b4fea7eed11c07d3362aea73b6d9ad3017d3332b49a60d32d9a326f8b619425f508a6f3f941901dae2d4e647774

  • SSDEEP

    3072:kEzb+LV+JYX1pcM/5/QPPTAQXp/uXccBuvPqlFFnL5QxbhZpy65/1E3ZJyyjXgKg:DaLYGyMBqVRcBumF+bhu63QZImQKG0

  Score

  10^/10

  smokeloaderbackdoortrojandanabotsystembcbankerdiscovery

  • Danabot

    Danabot is a modular banking Trojan that has been linked with other malware.

    trojanbankerdanabot

  • Detects Smokeloader packer

  • SmokeLoader

    Modular backdoor trojan in use since 2014.

    trojanbackdoorsmokeloader

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Blocklisted process makes network request

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2