danabot | 98ede8733638e771e396ec0e48562ce9c27595916f7a248d1ccbc4fc13f6f7f6 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

98ede8733638e771e396ec0e48562ce9c27595916f7a248d1ccbc4fc13f6f7f6
Size

218KB
Sample

221220-n1sq7shd73
MD5

21c0bcafdc20d06ed7b61c1ed8f4f84c
SHA1

d5673c3b26cb6e1d2670f3be381eca1793beac34
SHA256

98ede8733638e771e396ec0e48562ce9c27595916f7a248d1ccbc4fc13f6f7f6
SHA512

90e42d54f2eef007743ea03bb23ded489678a9beda5a9bc1aff817c25932397d65c5ed3e7eb82f51e1d90394a224c78cc44fab1c341ef72cf630b93914a2e66b
SSDEEP

3072:4yP6uL95fiHRY7a0OAYehzchDMfOn7b/2uLNHCDml:4Q6uLXfTXcFDfuupCa

Score

10^/10

danabot smokeloader systembc backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

98ede8733638e771e396ec0e48562ce9c27595916f7a248d1ccbc4fc13f6f7f6.exe

Resource

win10v2004-20220812-en

danabot smokeloader systembc backdoor banker discovery trojan

windows10-2004-x64

25 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

109.205.214.18:443

Targets

- Target
  
  98ede8733638e771e396ec0e48562ce9c27595916f7a248d1ccbc4fc13f6f7f6
- Size
  
  218KB
- MD5
  
  21c0bcafdc20d06ed7b61c1ed8f4f84c
- SHA1
  
  d5673c3b26cb6e1d2670f3be381eca1793beac34
- SHA256
  
  98ede8733638e771e396ec0e48562ce9c27595916f7a248d1ccbc4fc13f6f7f6
- SHA512
  
  90e42d54f2eef007743ea03bb23ded489678a9beda5a9bc1aff817c25932397d65c5ed3e7eb82f51e1d90394a224c78cc44fab1c341ef72cf630b93914a2e66b
- SSDEEP
  
  3072:4yP6uL95fiHRY7a0OAYehzchDMfOn7b/2uLNHCDml:4Q6uLXfTXcFDfuupCa
Score

10^/10

danabot smokeloader systembc backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloadersystembcbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy