danabot | 618eb7d2b5bd2e32203d01e076ce78fb580f4af7a3a417ec800d8d726b333df3 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

618eb7d2b5bd2e32203d01e076ce78fb580f4af7a3a417ec800d8d726b333df3
Size

216KB
Sample

221220-xbazjaaf62
MD5

0f72a0242a1cfa4af571328687d73b90
SHA1

1b3af5d6e9ca50592211e3a29e65a1c7817c6e5e
SHA256

618eb7d2b5bd2e32203d01e076ce78fb580f4af7a3a417ec800d8d726b333df3
SHA512

0b318e94d76d660673bb0ebc4440889e48eea1be3df08a176190dbc3efefbfbf6bbf53a7f035c7f0fa7d4b40d829bcf0308eb04a40e7cdb8dcba28ed056228f5
SSDEEP

3072:9mDhL7HoV5Kzo8XKC0z77KeYGe5+hx7szW7b/zNHCDml:AdLTHzTaz77KeeK6S5Ca

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

618eb7d2b5bd2e32203d01e076ce78fb580f4af7a3a417ec800d8d726b333df3.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery trojan

windows10-2004-x64

24 signatures

150 seconds

Malware Config

Targets

- Target
  
  618eb7d2b5bd2e32203d01e076ce78fb580f4af7a3a417ec800d8d726b333df3
- Size
  
  216KB
- MD5
  
  0f72a0242a1cfa4af571328687d73b90
- SHA1
  
  1b3af5d6e9ca50592211e3a29e65a1c7817c6e5e
- SHA256
  
  618eb7d2b5bd2e32203d01e076ce78fb580f4af7a3a417ec800d8d726b333df3
- SHA512
  
  0b318e94d76d660673bb0ebc4440889e48eea1be3df08a176190dbc3efefbfbf6bbf53a7f035c7f0fa7d4b40d829bcf0308eb04a40e7cdb8dcba28ed056228f5
- SSDEEP
  
  3072:9mDhL7HoV5Kzo8XKC0z77KeYGe5+hx7szW7b/zNHCDml:AdLTHzTaz77KeeK6S5Ca
Score

10^/10

danabot smokeloader backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy