danabot | 470259db6840ebc8256faa7c44782d9efa47579dac57cf5f1fa88a4124130492 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004-x64

Sharing

General

Target

470259db6840ebc8256faa7c44782d9efa47579dac57cf5f1fa88a4124130492
Size

220KB
Sample

221221-c8rnbsbe52
MD5

8b23d09dbc3017a73fa22730685e549b
SHA1

a66e17d08719f5de9b15852f7f96451fcdb033a2
SHA256

470259db6840ebc8256faa7c44782d9efa47579dac57cf5f1fa88a4124130492
SHA512

a32869ff241650f419dbcc11b47b9ede48ccfcc23e464bea0e9ab5bea2325b80beb215ff641bb16c8f57cf9dd0ebf85279e4e72b0582e625b1be1db24e8f5d59
SSDEEP

3072:notA0Lv4115ZvCplRZLi6EiEXUbM7PsBy7b/9jKcNHCDml:oHLv4LvCpx26EieuMzssRnCa

Score

10^/10

danabot smokeloader backdoor banker discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

470259db6840ebc8256faa7c44782d9efa47579dac57cf5f1fa88a4124130492.exe

Resource

win10v2004-20221111-en

danabot smokeloader backdoor banker discovery trojan

windows10-2004-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  470259db6840ebc8256faa7c44782d9efa47579dac57cf5f1fa88a4124130492
- Size
  
  220KB
- MD5
  
  8b23d09dbc3017a73fa22730685e549b
- SHA1
  
  a66e17d08719f5de9b15852f7f96451fcdb033a2
- SHA256
  
  470259db6840ebc8256faa7c44782d9efa47579dac57cf5f1fa88a4124130492
- SHA512
  
  a32869ff241650f419dbcc11b47b9ede48ccfcc23e464bea0e9ab5bea2325b80beb215ff641bb16c8f57cf9dd0ebf85279e4e72b0582e625b1be1db24e8f5d59
- SSDEEP
  
  3072:notA0Lv4115ZvCplRZLi6EiEXUbM7PsBy7b/9jKcNHCDml:oHLv4LvCpx26EieuMzssRnCa
Score

10^/10

danabot smokeloader backdoor banker discovery trojan
- Danabot
  Danabot is a modular banking Trojan that has been linked with other malware.
  trojan banker danabot
- Detects Smokeloader packer
- SmokeLoader
  Modular backdoor trojan in use since 2014.
  trojan backdoor smokeloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

danabotsmokeloaderbackdoorbankerdiscoverytrojan

© 2018-2024

Terms | Privacy