Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    214KB

  • Sample

    221220-r8qhladc4x

  • MD5

    9ac92f2a0c65c0ef8577af9f7ce31bf5

  • SHA1

    1a00e61a3b11d82ccfa26fdcc297bcec9c04da46

  • SHA256

    a2a56847c92e2742c52820dd151144878df54d947725c737e94332857b88c581

  • SHA512

    e5594fdd7aae6dec4d92a16fe47e53068427c4af711321f18bca8d9d756544dce9598b010a8435a9074c95efab974f5a41e7d2c48f5debe4913b88eaab22d3dc

  • SSDEEP

    3072:NALLoo7R3C/pSGzGoJTrfOUL7PWz7b/tFdwpKWRNHCDml:aLoxhBTrfOWDWjLdwpKkCa

Score
10/10
danabotsmokeloaderbackdoorbankertrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      214KB

    • MD5

      9ac92f2a0c65c0ef8577af9f7ce31bf5

    • SHA1

      1a00e61a3b11d82ccfa26fdcc297bcec9c04da46

    • SHA256

      a2a56847c92e2742c52820dd151144878df54d947725c737e94332857b88c581

    • SHA512

      e5594fdd7aae6dec4d92a16fe47e53068427c4af711321f18bca8d9d756544dce9598b010a8435a9074c95efab974f5a41e7d2c48f5debe4913b88eaab22d3dc

    • SSDEEP

      3072:NALLoo7R3C/pSGzGoJTrfOUL7PWz7b/tFdwpKWRNHCDml:aLoxhBTrfOWDWjLdwpKkCa

    Score
    10/10
    smokeloaderbackdoortrojandanabotbanker

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks