danabot | c2b5409cb10d0489b261f73e77d11364efcb183db3ec1d3343ce84d4695058e6 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

c2b5409cb10d0489b261f73e77d11364efcb183db3ec1d3343ce84d4695058e6
Size

240KB
Sample

221220-szqbxaab98
MD5

04448f21f8abc98dd75a2c1195b1fcb2
SHA1

94672eb3cba64b80cebbbf79e765ee8aad9ba23b
SHA256

c2b5409cb10d0489b261f73e77d11364efcb183db3ec1d3343ce84d4695058e6
SHA512

48ae793a7873e0cc115a82a83a1491478de8c9fd151aaa558c5fcf14d80e2c76e189c5580e0c685c5b48fcae4302c7191df89f3af6c7a6579a1c781c065a2962
SSDEEP

3072:KXJNKp8Lo9A623R5DfbEzoHkT7EaGVGfnkN6ya7b/BlqNHCDml:q+qLCA624YkTwfVG/kmJWCa

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

c2b5409cb10d0489b261f73e77d11364efcb183db3ec1d3343ce84d4695058e6.exe

Resource

win10-20220812-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  c2b5409cb10d0489b261f73e77d11364efcb183db3ec1d3343ce84d4695058e6
- Size
  
  240KB
- MD5
  
  04448f21f8abc98dd75a2c1195b1fcb2
- SHA1
  
  94672eb3cba64b80cebbbf79e765ee8aad9ba23b
- SHA256
  
  c2b5409cb10d0489b261f73e77d11364efcb183db3ec1d3343ce84d4695058e6
- SHA512
  
  48ae793a7873e0cc115a82a83a1491478de8c9fd151aaa558c5fcf14d80e2c76e189c5580e0c685c5b48fcae4302c7191df89f3af6c7a6579a1c781c065a2962
- SSDEEP
  
  3072:KXJNKp8Lo9A623R5DfbEzoHkT7EaGVGfnkN6ya7b/BlqNHCDml:q+qLCA624YkTwfVG/kmJWCa
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy