danabot | 86615732127c524543c11ecc3d851aed5d20e84f812fa60b1d8d73325d4126f5 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

86615732127c524543c11ecc3d851aed5d20e84f812fa60b1d8d73325d4126f5
Size

240KB
Sample

221220-ttll7sac74
MD5

13d04e2ad09ce18abe054262bae3dbf4
SHA1

7c712ae6e5c463209419e853a294f9f008bb8356
SHA256

86615732127c524543c11ecc3d851aed5d20e84f812fa60b1d8d73325d4126f5
SHA512

fe64a16a04262b57f506b896ea0728ea2d2a4c1d85356133e9394439b278a6a70529170ee1904ad4e3e960f6fafddfa576ee0e690ad63be0b251944266644488
SSDEEP

3072:0XJu3E6/Llvy0XR5TsjB3/3WJFyT/JdlA3Aj6Y7b/LlNHCDml:wG5/Llvy0sduFybvlAQj6ojXCa

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

86615732127c524543c11ecc3d851aed5d20e84f812fa60b1d8d73325d4126f5.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  86615732127c524543c11ecc3d851aed5d20e84f812fa60b1d8d73325d4126f5
- Size
  
  240KB
- MD5
  
  13d04e2ad09ce18abe054262bae3dbf4
- SHA1
  
  7c712ae6e5c463209419e853a294f9f008bb8356
- SHA256
  
  86615732127c524543c11ecc3d851aed5d20e84f812fa60b1d8d73325d4126f5
- SHA512
  
  fe64a16a04262b57f506b896ea0728ea2d2a4c1d85356133e9394439b278a6a70529170ee1904ad4e3e960f6fafddfa576ee0e690ad63be0b251944266644488
- SSDEEP
  
  3072:0XJu3E6/Llvy0XR5TsjB3/3WJFyT/JdlA3Aj6Y7b/LlNHCDml:wG5/Llvy0sduFybvlAQj6ojXCa
Score

10^/10

danabot smokeloader backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy