danabot | 0ab2ff1dd74db5573f8fb5653bf9278698f98b4b9bfb8a9b6207fa7b876ea339 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

0ab2ff1dd74db5573f8fb5653bf9278698f98b4b9bfb8a9b6207fa7b876ea339
Size

240KB
Sample

221220-tnydtadd4x
MD5

5131d1f852996c05688e24ab683decaf
SHA1

081263a58c85d8ecbcf959569fdbdc113c870c1f
SHA256

0ab2ff1dd74db5573f8fb5653bf9278698f98b4b9bfb8a9b6207fa7b876ea339
SHA512

dbaf5b340f33da77a817d9a9728a844fde5d1345f59a76cfc5bb54c72e33ecec4282d92c93e6fd62d047af0b974d7d44b7480599e9c8d91a3b16117b20b40aa2
SSDEEP

3072:iXRfpUSLD+IFLR5uiAbUDAFFBVEuXHYNA07b/TUf9cnMU5hpYNHCDml:ihDLD+IFmieAKl3YKcrTF5hpSCa

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

0ab2ff1dd74db5573f8fb5653bf9278698f98b4b9bfb8a9b6207fa7b876ea339.exe

Resource

win10-20220812-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  0ab2ff1dd74db5573f8fb5653bf9278698f98b4b9bfb8a9b6207fa7b876ea339
- Size
  
  240KB
- MD5
  
  5131d1f852996c05688e24ab683decaf
- SHA1
  
  081263a58c85d8ecbcf959569fdbdc113c870c1f
- SHA256
  
  0ab2ff1dd74db5573f8fb5653bf9278698f98b4b9bfb8a9b6207fa7b876ea339
- SHA512
  
  dbaf5b340f33da77a817d9a9728a844fde5d1345f59a76cfc5bb54c72e33ecec4282d92c93e6fd62d047af0b974d7d44b7480599e9c8d91a3b16117b20b40aa2
- SSDEEP
  
  3072:iXRfpUSLD+IFLR5uiAbUDAFFBVEuXHYNA07b/TUf9cnMU5hpYNHCDml:ihDLD+IFmieAKl3YKcrTF5hpSCa
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy