danabot | 6599bada5b2bf6775cbd9d3c686feb7f4e86b15737980082279815d604ddef2a | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

6599bada5b2bf6775cbd9d3c686feb7f4e86b15737980082279815d604ddef2a
Size

216KB
Sample

221220-ww5h7sae82
MD5

9d5d0754c33acb2275efe08db3ee582b
SHA1

05421b51db5bc2ee54cdb20d7b9c3dcec1fabb3a
SHA256

6599bada5b2bf6775cbd9d3c686feb7f4e86b15737980082279815d604ddef2a
SHA512

06e04f81efd84ec660f469e828624737883bb5d7a2f726d9216f712e5138bde800cd864770bccab9f61f16a03e720dad619d07545035850372f3edd51867b5e2
SSDEEP

3072:ev/YsL+rV5HMuL9I5PHIrbnEeNXhKJN7b/czuj2CtJNHCDml:4TL+rNB4cIpvkCqECa

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

6599bada5b2bf6775cbd9d3c686feb7f4e86b15737980082279815d604ddef2a.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

22 signatures

150 seconds

Malware Config

Targets

- Target
  
  6599bada5b2bf6775cbd9d3c686feb7f4e86b15737980082279815d604ddef2a
- Size
  
  216KB
- MD5
  
  9d5d0754c33acb2275efe08db3ee582b
- SHA1
  
  05421b51db5bc2ee54cdb20d7b9c3dcec1fabb3a
- SHA256
  
  6599bada5b2bf6775cbd9d3c686feb7f4e86b15737980082279815d604ddef2a
- SHA512
  
  06e04f81efd84ec660f469e828624737883bb5d7a2f726d9216f712e5138bde800cd864770bccab9f61f16a03e720dad619d07545035850372f3edd51867b5e2
- SSDEEP
  
  3072:ev/YsL+rV5HMuL9I5PHIrbnEeNXhKJN7b/czuj2CtJNHCDml:4TL+rNB4cIpvkCqECa
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy