danabot

General

Target

c3806ca9a413b32c5ee8ff8f85882059.exe
Size

305KB
Sample

221220-lwmy2shb87
MD5

c3806ca9a413b32c5ee8ff8f85882059
SHA1

bb9d518dd9137242154cb739002f6b7296f6aefc
SHA256

81f3a2b4d61c482d118d57f730657a3ddb68d0261cae8f5497765b5af4950ea8
SHA512

4b3f2d1d1321c0780bf57c306e69e64536920b4fea7eed11c07d3362aea73b6d9ad3017d3332b49a60d32d9a326f8b619425f508a6f3f941901dae2d4e647774
SSDEEP

3072:kEzb+LV+JYX1pcM/5/QPPTAQXp/uXccBuvPqlFFnL5QxbhZpy65/1E3ZJyyjXgKg:DaLYGyMBqVRcBumF+bhu63QZImQKG0

Score

10^/10

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

- Target
  
  c3806ca9a413b32c5ee8ff8f85882059.exe
- Size
  
  305KB
- MD5
  
  c3806ca9a413b32c5ee8ff8f85882059
- SHA1
  
  bb9d518dd9137242154cb739002f6b7296f6aefc
- SHA256
  
  81f3a2b4d61c482d118d57f730657a3ddb68d0261cae8f5497765b5af4950ea8
- SHA512
  
  4b3f2d1d1321c0780bf57c306e69e64536920b4fea7eed11c07d3362aea73b6d9ad3017d3332b49a60d32d9a326f8b619425f508a6f3f941901dae2d4e647774
- SSDEEP
  
  3072:kEzb+LV+JYX1pcM/5/QPPTAQXp/uXccBuvPqlFFnL5QxbhZpy65/1E3ZJyyjXgKg:DaLYGyMBqVRcBumF+bhu63QZImQKG0
Score

10^/10

smokeloader backdoor trojan danabot systembc banker discovery
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

3

T1012

System Information Discovery

3

T1082

Peripheral Device Discovery

1

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects Smokeloader packer

SmokeLoader

SystemBC

Blocklisted process makes network request

Downloads MZ/PE file

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2