Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    220KB

  • Sample

    221221-c21bwsbe45

  • MD5

    10284282f79b91bed875fde9f063739d

  • SHA1

    e10112f1ae9bf0eb94ec12446a3bb42f355834c1

  • SHA256

    37397d4daba951caf74ad3438dfaf81709fbb8e37df7f441ae38c515418ff0c9

  • SHA512

    8b47b8cc64b1a6f86b5f5032cdba44b974186e8c1e55034b4568f782d250927ded315889b831102f501d6df39e018d0c3b8802a739ddd5d29c9600a31e3cc078

  • SSDEEP

    3072:tLk7LiGf115+wMmmxBnYgdTb1T1EqeIVk2B1V7b/H4uNHCDml:l6LiGfgVX9Jflkyf4sCa

Score
10/10
danabotsmokeloaderbackdoorbankerdiscoverytrojan

Malware Config

Targets

    • Target

      file.exe

    • Size

      220KB

    • MD5

      10284282f79b91bed875fde9f063739d

    • SHA1

      e10112f1ae9bf0eb94ec12446a3bb42f355834c1

    • SHA256

      37397d4daba951caf74ad3438dfaf81709fbb8e37df7f441ae38c515418ff0c9

    • SHA512

      8b47b8cc64b1a6f86b5f5032cdba44b974186e8c1e55034b4568f782d250927ded315889b831102f501d6df39e018d0c3b8802a739ddd5d29c9600a31e3cc078

    • SSDEEP

      3072:tLk7LiGf115+wMmmxBnYgdTb1T1EqeIVk2B1V7b/H4uNHCDml:l6LiGfgVX9Jflkyf4sCa

    Score
    10/10
    smokeloaderbackdoortrojandanabotbankerdiscovery

    • Danabot

      Danabot is a modular banking Trojan that has been linked with other malware.

      trojanbankerdanabot

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks