danabot | 2f08de61aae3a2c7b34bfa21e4bd138d9ec818ba1ba3b531b8ea1fa13e7625da | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

2f08de61aae3a2c7b34bfa21e4bd138d9ec818ba1ba3b531b8ea1fa13e7625da
Size

216KB
Sample

221220-xd65raaf76
MD5

2df3c5eee27ffa84116b3d4cbe2a8362
SHA1

407d21ac10a6e9a3355106f69251e987628a8257
SHA256

2f08de61aae3a2c7b34bfa21e4bd138d9ec818ba1ba3b531b8ea1fa13e7625da
SHA512

7d2e9ac61b85a1b8b01310323070483290a1a5bc8c9be6d30d4058e9db2c2d3bca21998ed4d961f7b97a009784f5c4d7f3b10d4bc84873210a6ca8cc31ebe491
SSDEEP

3072:v7DhL7HoV5Ea+4+F1voPBN6RRM327/Z8ATMpU2PZShVeX7b/DP4aENHCDml:jdLT9T1v0NoM3O/ZmpU0ZyVevLP6Ca

Score

10^/10

danabot smokeloader backdoor banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

2f08de61aae3a2c7b34bfa21e4bd138d9ec818ba1ba3b531b8ea1fa13e7625da.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  2f08de61aae3a2c7b34bfa21e4bd138d9ec818ba1ba3b531b8ea1fa13e7625da
- Size
  
  216KB
- MD5
  
  2df3c5eee27ffa84116b3d4cbe2a8362
- SHA1
  
  407d21ac10a6e9a3355106f69251e987628a8257
- SHA256
  
  2f08de61aae3a2c7b34bfa21e4bd138d9ec818ba1ba3b531b8ea1fa13e7625da
- SHA512
  
  7d2e9ac61b85a1b8b01310323070483290a1a5bc8c9be6d30d4058e9db2c2d3bca21998ed4d961f7b97a009784f5c4d7f3b10d4bc84873210a6ca8cc31ebe491
- SSDEEP
  
  3072:v7DhL7HoV5Ea+4+F1voPBN6RRM327/Z8ATMpU2PZShVeX7b/DP4aENHCDml:jdLT9T1v0NoM3O/ZmpU0ZyVevLP6Ca
Score

10^/10

danabot smokeloader backdoor banker trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankertrojan

© 2018-2024

Terms | Privacy