danabot | 006e30e9a52680eb74ca45700561c6e0f382ccf2cd4f43e39d3f88d8c006435a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

006e30e9a52680eb74ca45700561c6e0f382ccf2cd4f43e39d3f88d8c006435a
Size

215KB
Sample

221220-vpvjzsde6s
MD5

3235e85040060ced1cd3e312a071bce5
SHA1

1251282abee1053553fc64567cbcfdd835c8eb83
SHA256

006e30e9a52680eb74ca45700561c6e0f382ccf2cd4f43e39d3f88d8c006435a
SHA512

8bf2ef4953290d47d73214539cfb01776f853e2fffad53849ca5fef4b6b0cb195830643c484430d8600dcbe90620ab5acf4b651022ba9123462bde9ef7453786
SSDEEP

3072:4eltoLYkXV5VvM6Uy5LfTLzbdUjRKEk3noVcvC7b/9CuNHCDml:LlaLYov/UeTLzbdU1K53oyvSdCa

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

006e30e9a52680eb74ca45700561c6e0f382ccf2cd4f43e39d3f88d8c006435a.exe

Resource

win10-20220812-en

danabot smokeloader backdoor banker trojan

windows10-1703-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  006e30e9a52680eb74ca45700561c6e0f382ccf2cd4f43e39d3f88d8c006435a
- Size
  
  215KB
- MD5
  
  3235e85040060ced1cd3e312a071bce5
- SHA1
  
  1251282abee1053553fc64567cbcfdd835c8eb83
- SHA256
  
  006e30e9a52680eb74ca45700561c6e0f382ccf2cd4f43e39d3f88d8c006435a
- SHA512
  
  8bf2ef4953290d47d73214539cfb01776f853e2fffad53849ca5fef4b6b0cb195830643c484430d8600dcbe90620ab5acf4b651022ba9123462bde9ef7453786
- SSDEEP
  
  3072:4eltoLYkXV5VvM6Uy5LfTLzbdUjRKEk3noVcvC7b/9CuNHCDml:LlaLYov/UeTLzbdU1K53oyvSdCa
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy