danabot | 179aa4bcf4e0e9c6b0e332d50b208d5c32dcd988ff09513f70d10fb31c8768fc | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

179aa4bcf4e0e9c6b0e332d50b208d5c32dcd988ff09513f70d10fb31c8768fc
Size

214KB
Sample

221220-t2j4caac95
MD5

c20702bae9923a2e00e3efdd5b9f6777
SHA1

11192da662881ca0e43c46bc2246392e3dd16f25
SHA256

179aa4bcf4e0e9c6b0e332d50b208d5c32dcd988ff09513f70d10fb31c8768fc
SHA512

0c350b17ee871016267d3be2604f7aef0ae2c8b5963e0955e133f9312538063fc588495da1fa14d8372eef72b6d7713af16ab1914eebe38129f986dce8cd6adc
SSDEEP

3072:VCTILm3D4N5hfEHzF4sKUGfUtNh6NLoG7b/cW5lyCggtNHCDml:Y8Lm3DGsKU/tNh6fWC1PCa

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

179aa4bcf4e0e9c6b0e332d50b208d5c32dcd988ff09513f70d10fb31c8768fc.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker discovery trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  179aa4bcf4e0e9c6b0e332d50b208d5c32dcd988ff09513f70d10fb31c8768fc
- Size
  
  214KB
- MD5
  
  c20702bae9923a2e00e3efdd5b9f6777
- SHA1
  
  11192da662881ca0e43c46bc2246392e3dd16f25
- SHA256
  
  179aa4bcf4e0e9c6b0e332d50b208d5c32dcd988ff09513f70d10fb31c8768fc
- SHA512
  
  0c350b17ee871016267d3be2604f7aef0ae2c8b5963e0955e133f9312538063fc588495da1fa14d8372eef72b6d7713af16ab1914eebe38129f986dce8cd6adc
- SSDEEP
  
  3072:VCTILm3D4N5hfEHzF4sKUGfUtNh6NLoG7b/cW5lyCggtNHCDml:Y8Lm3DGsKU/tNh6fWC1PCa
Score

10^/10

danabot smokeloader backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy