danabot | 028e24a26eb6bc61d71b5913b990b12b074d3a4240dcc18c18440948204e3835 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

028e24a26eb6bc61d71b5913b990b12b074d3a4240dcc18c18440948204e3835
Size

214KB
Sample

221221-ajr7fsbd27
MD5

afd3e0f6ef7f7bd3a63335c15dd2bbb0
SHA1

a5ca0f9a057c4f2245a3376cf8a51844584277b8
SHA256

028e24a26eb6bc61d71b5913b990b12b074d3a4240dcc18c18440948204e3835
SHA512

d951b5c8dc843d06060d727515284f1a6b254a65adbc6ce846652a8eeba02a8415da684cda4c74a4c6e9c2161d10b24572f5b28fa5ec3667a3ddc39ed695b7a9
SSDEEP

3072:kGPTuLNbTPCM15j0tPi3n7tRIiQkJOPYYL7b/29XJIh7NHCDml:5KLNHPKFihGiQO0Tu9XKh5Ca

Score

10^/10

danabot smokeloader backdoor banker collection discovery spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

028e24a26eb6bc61d71b5913b990b12b074d3a4240dcc18c18440948204e3835.exe

Resource

win10v2004-20220812-en

danabot smokeloader backdoor banker collection discovery spyware stealer trojan

windows10-2004-x64

29 signatures

150 seconds

Malware Config

Targets

- Target
  
  028e24a26eb6bc61d71b5913b990b12b074d3a4240dcc18c18440948204e3835
- Size
  
  214KB
- MD5
  
  afd3e0f6ef7f7bd3a63335c15dd2bbb0
- SHA1
  
  a5ca0f9a057c4f2245a3376cf8a51844584277b8
- SHA256
  
  028e24a26eb6bc61d71b5913b990b12b074d3a4240dcc18c18440948204e3835
- SHA512
  
  d951b5c8dc843d06060d727515284f1a6b254a65adbc6ce846652a8eeba02a8415da684cda4c74a4c6e9c2161d10b24572f5b28fa5ec3667a3ddc39ed695b7a9
- SSDEEP
  
  3072:kGPTuLNbTPCM15j0tPi3n7tRIiQkJOPYYL7b/29XJIh7NHCDml:5KLNHPKFihGiQO0Tu9XKh5Ca
Score

10^/10

danabot smokeloader backdoor banker collection discovery spyware stealer trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook accounts
  collection
- Accesses Microsoft Outlook profiles
  collection
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankercollectiondiscoveryspywarestealertrojan

© 2018-2024

Terms | Privacy