danabot | 1188202c0b8642520e0ff667d8900c789a87eea168306d475cadf3ee71778eb4 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

1188202c0b8642520e0ff667d8900c789a87eea168306d475cadf3ee71778eb4
Size

215KB
Sample

221220-w1cnzsdf8v
MD5

d215be0784cbdac971b1ab56c49f7512
SHA1

d6214ffda05389ecc2c07090e15f6109dc3add36
SHA256

1188202c0b8642520e0ff667d8900c789a87eea168306d475cadf3ee71778eb4
SHA512

55f1c298397afa97c62def5cf28bd675252365ba75a805a0ccf15be0f2d7dda2cc954da945b3be9a888cc0d40879cb40156b1b33dee202045c862d86206824d0
SSDEEP

3072:JYtwLvlPTCV5M+PP5Lm/NaLUvHu7b/JVHVNHCDml:WWLvxS35Lm/NawvGxVHCa

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

1188202c0b8642520e0ff667d8900c789a87eea168306d475cadf3ee71778eb4.exe

Resource

win10v2004-20220901-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  1188202c0b8642520e0ff667d8900c789a87eea168306d475cadf3ee71778eb4
- Size
  
  215KB
- MD5
  
  d215be0784cbdac971b1ab56c49f7512
- SHA1
  
  d6214ffda05389ecc2c07090e15f6109dc3add36
- SHA256
  
  1188202c0b8642520e0ff667d8900c789a87eea168306d475cadf3ee71778eb4
- SHA512
  
  55f1c298397afa97c62def5cf28bd675252365ba75a805a0ccf15be0f2d7dda2cc954da945b3be9a888cc0d40879cb40156b1b33dee202045c862d86206824d0
- SSDEEP
  
  3072:JYtwLvlPTCV5M+PP5Lm/NaLUvHu7b/JVHVNHCDml:WWLvxS35Lm/NawvGxVHCa
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy