General

  • Target

    4b2fa089ef4914c3f3051bb54ae87ce1e1d7bf8d4e377d5ef87970bb25b1d65a

  • Size

    214KB

  • Sample

    221221-ajzarsbd28

  • MD5

    365b90b7a84fccf0787b72d3a6d1a453

  • SHA1

    c8d57675ef1bd2f2d85d5d60ba2e3e91a1341784

  • SHA256

    4b2fa089ef4914c3f3051bb54ae87ce1e1d7bf8d4e377d5ef87970bb25b1d65a

  • SHA512

    a4dae322e320741d71f613178d00ef195718ef28a869605639f72dba0591655898a52052ff84458b1b3d0146c8f8d6d838b2738535530428a95cf9d8751178da

  • SSDEEP

    3072:/TAH0MSMLJJM15KsVKoYJW3Ea4q/PMoq2yuzFCL7b/Ck4NHCDml:0UKLJ5pWUanvNyuzUqrCa

Malware Config

Targets

    • Target

      4b2fa089ef4914c3f3051bb54ae87ce1e1d7bf8d4e377d5ef87970bb25b1d65a

    • Size

      214KB

    • MD5

      365b90b7a84fccf0787b72d3a6d1a453

    • SHA1

      c8d57675ef1bd2f2d85d5d60ba2e3e91a1341784

    • SHA256

      4b2fa089ef4914c3f3051bb54ae87ce1e1d7bf8d4e377d5ef87970bb25b1d65a

    • SHA512

      a4dae322e320741d71f613178d00ef195718ef28a869605639f72dba0591655898a52052ff84458b1b3d0146c8f8d6d838b2738535530428a95cf9d8751178da

    • SSDEEP

      3072:/TAH0MSMLJJM15KsVKoYJW3Ea4q/PMoq2yuzFCL7b/Ck4NHCDml:0UKLJ5pWUanvNyuzUqrCa

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    • Suspicious use of SetThreadContext
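Two of the behavioural signatures above, "Downloads MZ/PE file" and the pair "Executes dropped EXE" / "Loads dropped DLL", are simple enough to re-implement as a triage aid. The block below is an added example written for this page, not the sandbox's own signature engine: the PE header check works on any downloaded byte buffer, and the drop-then-use correlation runs over a constructed, Sysmon-like event trace whose schema (`Event`), PIDs and paths are all assumptions made up for the demonstration.

```python
"""Toy re-implementation of three sandbox signatures over constructed data.
Added example; the event schema and sample trace are assumptions, not report data."""
import struct
from dataclasses import dataclass

# --- "Downloads MZ/PE file": does a downloaded payload carry a PE header? ---

PE_MACHINES = {0x014C: "i386", 0x8664: "amd64", 0x01C4: "armnt", 0xAA64: "arm64"}


def pe_info(buf: bytes):
    """Return (machine_name, is_dll) if buf starts with a plausible PE image, else None.

    Checks 'MZ' at offset 0, that e_lfanew (u32 LE at 0x3C) points inside the
    buffer, and that 'PE\\0\\0' plus a full 20-byte COFF header sit at that offset.
    Truncated downloads and decoys with an out-of-range e_lfanew return None.
    """
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if e_lfanew + 4 + 20 > len(buf) or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, _nsect, _ts, _symptr, _nsyms, _optsz, characteristics = struct.unpack_from(
        "<HHIIIHH", buf, e_lfanew + 4)
    is_dll = bool(characteristics & 0x2000)  # IMAGE_FILE_DLL
    return PE_MACHINES.get(machine, hex(machine)), is_dll


def http_body(raw: bytes) -> bytes:
    """Strip an HTTP response header block if one is present (raw payloads pass through)."""
    return raw.split(b"\r\n\r\n", 1)[1] if b"\r\n\r\n" in raw else raw


def downloads_pe(raw_response: bytes):
    """The 'Downloads MZ/PE file' check applied to a captured HTTP response."""
    return pe_info(http_body(raw_response))


def make_fake_pe(machine: int = 0x014C, dll: bool = False) -> bytes:
    """Constructed header-only PE stub for testing; not a real or runnable binary."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    characteristics = 0x0102 | (0x2000 if dll else 0)  # EXECUTABLE_IMAGE | 32BIT [| DLL]
    coff = struct.pack("<HHIIIHH", machine, 3, 0, 0, 0, 0xE0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


# --- "Executes dropped EXE" / "Loads dropped DLL": file written, then used ---

@dataclass
class Event:
    kind: str          # "file_create", "process_create" or "image_load" (assumed schema)
    pid: int           # process that wrote the file / was started / loaded the image
    path: str          # file written, or image executed or loaded
    parent_pid: int = 0


def dropped_then_used(events):
    """Correlate file writes with later launches/loads of the same path.

    Returns (signature, dropper_pid, path) for every process_create or image_load
    whose image was written earlier in the trace. Paths are compared case-insensitively,
    as NTFS is.
    """
    dropped = {}   # normalised path -> pid that first wrote it
    hits = []
    for ev in events:
        key = ev.path.lower()
        if ev.kind == "file_create":
            dropped.setdefault(key, ev.pid)
        elif ev.kind in ("process_create", "image_load") and key in dropped:
            sig = "Executes dropped EXE" if ev.kind == "process_create" else "Loads dropped DLL"
            hits.append((sig, dropped[key], ev.path))
    return hits


# Constructed trace: a loader drops and runs a second stage, which drops and loads a DLL.
SAMPLE_TRACE = [
    Event("process_create", 1000, r"C:\Users\user\Desktop\sample.exe"),
    Event("file_create", 1000, r"C:\Users\user\AppData\Local\Temp\A1B2.tmp.exe"),
    Event("process_create", 1044, r"C:\Users\user\AppData\Local\Temp\a1b2.tmp.exe", 1000),
    Event("file_create", 1044, r"C:\Users\user\AppData\Roaming\loader.dll"),
    Event("image_load", 1044, r"C:\Users\user\AppData\Roaming\loader.dll"),
    Event("process_create", 1100, r"C:\Windows\System32\cmd.exe", 1044),  # not dropped: no hit
]

if __name__ == "__main__":
    resp = b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n" + make_fake_pe()
    print("Downloads MZ/PE file:", downloads_pe(resp))
    for hit in dropped_then_used(SAMPLE_TRACE):
        print(*hit)
```

The PE check deliberately stops at the COFF header: that is enough to confirm the payload is a Windows image and to read its target architecture, while refusing anything whose e_lfanew points past the bytes actually received. The correlation keys on the first writer of a path, so the dropper is reported even when a child process is the one that eventually executes or loads the file.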

MITRE ATT&CK Matrix ATT&CK v6

  Tactic             Technique                       ID      Count
  Defense Evasion    Modify Registry                 T1112   1
  Discovery          System Information Discovery    T1082   3
  Discovery          Query Registry                  T1012   2
  Discovery          Peripheral Device Discovery     T1120   1

Tasks