danabot | 8e1462f1fda39fe4656c3497c5423fa103872b7ec2d331a7432e8b9b17d3c7af | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

8e1462f1fda39fe4656c3497c5423fa103872b7ec2d331a7432e8b9b17d3c7af
Size

215KB
Sample

221220-y7lataba38
MD5

98fa5936d9356bc54a0e654455dbd738
SHA1

ca07de20da02ca96980b88d513973421e36f1ff1
SHA256

8e1462f1fda39fe4656c3497c5423fa103872b7ec2d331a7432e8b9b17d3c7af
SHA512

89e90e854264167b44b821531c9d2822a90dfc4d2d5fdd53964a5d9a567f934cc44d70aa9d3ffd5867d64a468aaf4c50909c9202e96ea2cceb1b4ad3ff976e51
SSDEEP

3072:7yLgoL510V5xcHmEv+6ycSZ/Gpbhk5miBVlM8Nnw7b/dY64EdRsQNHCDml:u9L51qcx9zEmiBg8Ki6tdRdCa

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

8e1462f1fda39fe4656c3497c5423fa103872b7ec2d331a7432e8b9b17d3c7af.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  8e1462f1fda39fe4656c3497c5423fa103872b7ec2d331a7432e8b9b17d3c7af
- Size
  
  215KB
- MD5
  
  98fa5936d9356bc54a0e654455dbd738
- SHA1
  
  ca07de20da02ca96980b88d513973421e36f1ff1
- SHA256
  
  8e1462f1fda39fe4656c3497c5423fa103872b7ec2d331a7432e8b9b17d3c7af
- SHA512
  
  89e90e854264167b44b821531c9d2822a90dfc4d2d5fdd53964a5d9a567f934cc44d70aa9d3ffd5867d64a468aaf4c50909c9202e96ea2cceb1b4ad3ff976e51
- SSDEEP
  
  3072:7yLgoL510V5xcHmEv+6ycSZ/Gpbhk5miBVlM8Nnw7b/dY64EdRsQNHCDml:u9L51qcx9zEmiBg8Ki6tdRdCa
Score

10^/10

danabot smokeloader backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy